Lucene search

[email protected]CVE-2014-6283

HistoryOct 17, 2014 - 11:55 p.m.

CVE-2014-6283

2014-10-1723:55:00

CWE-264

[email protected]

web.nvd.nist.gov

sap

ase

cve-2014-6283

vulnerability

remote access

security

nvd

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.

CPENameOperatorVersion
sybase:adaptive_server_enterprisesybase adaptive server enterpriseeq15.5
sybase:adaptive_server_enterprisesybase adaptive server enterpriseeq15.0.3
sybase:adaptive_server_enterprisesybase adaptive server enterpriseeq15.7

CPE	Name	Operator	Version
sybase:adaptive_server_enterprise	sybase adaptive server enterprise	eq	15.5
sybase:adaptive_server_enterprise	sybase adaptive server enterprise	eq	15.0.3
sybase:adaptive_server_enterprise	sybase adaptive server enterprise	eq	15.7

References

blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html

scn.sap.com/docs/DOC-55451

secunia.com/advisories/61238

exchange.xforce.ibmcloud.com/vulnerabilities/99935

service.sap.com/sap/support/notes/2044220

www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txt

7.6 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2014-6283

prion1 cvelist1