Unrated severityNVD Advisory· Published Jun 27, 2001· Updated Apr 16, 2026

CVE-2001-0366

Description

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.

Affected products

SAP/Saposcol4 versions
cpe:2.3:a:sap:saposcol:1.0:*:linux:*:*:*:*:*+ 3 more
- cpe:2.3:a:sap:saposcol:1.0:*:linux:*:*:*:*:*
- cpe:2.3:a:sap:saposcol:1.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sap:saposcol:1.2:*:linux:*:*:*:*:*
- cpe:2.3:a:sap:saposcol:1.3:*:linux:*:*:*:*:*
SAP/Sap R 3 Web Application Server Demo
cpe:2.3:a:sap:sap_r_3_web_application_server_demo:*:*:*:*:*:*:*:*
Range: <=1.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/2662nvdPatchVendor Advisory
www.securityfocus.com/archive/1/180498nvdExploitPatchVendor Advisory
ftp.sap.com/pub/linuxlab/saptools/README.saposcolnvd
exchange.xforce.ibmcloud.com/vulnerabilities/6487nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000