PT-2013-6150 · Sap · Sap Sybase Adaptive Server Enterprise

Published

2013-11-23

Updated

2013-11-25

CVE-2013-6859

CVSS v2.0

8.5

High

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SAP Sybase Adaptive Server Enterprise (ASE) versions prior to 15.0.3 ESD#4.3 SAP Sybase Adaptive Server Enterprise (ASE) versions prior to 15.5 ESD#5.3 SAP Sybase Adaptive Server Enterprise (ASE) versions prior to 15.7 SP50 SAP Sybase Adaptive Server Enterprise (ASE) versions prior to 15.7 SP100

Description The issue is related to improper authorization, allowing remote authenticated users to gain privileges. The exact vectors used for exploitation are not specified.

Recommendations For versions prior to 15.0.3 ESD#4.3, update to 15.0.3 ESD#4.3 or later. For versions prior to 15.5 ESD#5.3, update to 15.5 ESD#5.3 or later. For versions prior to 15.7 SP50, update to 15.7 SP50 or later. For versions prior to 15.7 SP100, update to 15.7 SP100 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-6859

Affected Products

Sap Sybase Adaptive Server Enterprise

PT-2013-6150 · Sap · Sap Sybase Adaptive Server Enterprise

CVE-2013-6859

Weakness Enumeration

Related Identifiers

Affected Products

References · 5