Lucene search

[email protected]CVE-2015-3621

HistoryJul 16, 2015 - 2:59 p.m.

CVE-2015-3621

2015-07-1614:59:03

CWE-20

[email protected]

web.nvd.nist.gov

cve-2015-3621

sap

enterprise central component

ecc

vulnerability

local users

privileges

trojan horse

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%

JSON

Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.

Affected configurations

NVD

Node

sapenterprise_central_componentMatch-

CPENameOperatorVersion
sap:enterprise_central_componentsap enterprise central componenteq-

CPE	Name	Operator	Version
sap:enterprise_central_component	sap enterprise central component	eq	-

References

packetstormsecurity.com/files/132680/SAP-ECC-Privilege-Escalation.html

seclists.org/fulldisclosure/2015/Jul/59

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3621/

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.5%

JSON

Related for CVE-2015-3621

nvd1 prion1 cvelist1