PT-2015-3845 · Sap · Sap Adaptive Server Enterprise

Published

2015-06-08

Updated

2015-06-09

CVE-2014-6284

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SAP Adaptive Server Enterprise (ASE) versions prior to 15.7 SP132 SAP Adaptive Server Enterprise (ASE) versions prior to 16.0 SP01

Description The issue allows remote attackers to bypass the challenge and response mechanism, obtaining access to the probe account via a crafted response.

Recommendations For versions prior to 15.7 SP132, update to 15.7 SP132 or later. For versions prior to 16.0 SP01, update to 16.0 SP01 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-6284

Affected Products

Sap Adaptive Server Enterprise

PT-2015-3845 · Sap · Sap Adaptive Server Enterprise

CVE-2014-6284

Weakness Enumeration

Related Identifiers

Affected Products

References · 2