Lucene search

[email protected]CVE-2015-3449

HistoryJul 16, 2015 - 2:59 p.m.

CVE-2015-3449

2015-07-1614:59:02

CWE-254

[email protected]

web.nvd.nist.gov

cve-2015-3449

sap afaria

windows client

weak permissions

local privilege escalation

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.

Affected configurations

NVD

Node

sapafariaMatch7.0.6398.0

CPENameOperatorVersion
sap:afariasap afariaeq7.0.6398.0

CPE	Name	Operator	Version
sap:afaria	sap afaria	eq	7.0.6398.0

References

packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html

seclists.org/fulldisclosure/2015/Jul/60

www.securityfocus.com/bid/75725

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3449

prion1 cvelist1 nvd1