PT-2014-7130 · Sap · Sap Adaptive Server Enterprise

Publicado

2014-10-17

Atualizado

2017-09-08

CVE-2014-6283

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SAP Adaptive Server Enterprise (ASE) versions 15.0.3 before ESD#4.4 SAP Adaptive Server Enterprise (ASE) versions 15.5 before ESD#5.4 SAP Adaptive Server Enterprise (ASE) versions 15.7 before SP122 or SP63

Description The issue allows remote authenticated database users to overwrite the master encryption key or trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function.

Recommendations For version 15.0.3, update to ESD#4.4 or later to resolve the issue. For version 15.5, update to ESD#5.4 or later to resolve the issue. For version 15.7, update to SP122 or SP63 or later to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2014-6283

Produtos afetados

Sap Adaptive Server Enterprise

PT-2014-7130 · Sap · Sap Adaptive Server Enterprise

CVE-2014-6283

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7