CVE-2019-0402
https://notcve.org/view.php?id=CVE-2019-0402
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure.
• https://launchpad.support.sap.com/#/notes/2845780
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533660397
CVE-2016-7402
https://notcve.org/view.php?id=CVE-2016-7402
SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.
• http://www.securityfocus.com/bid/92950
• https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/?fid=8409
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-6284
https://notcve.org/view.php?id=CVE-2014-6284
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
• https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2014-6283
https://notcve.org/view.php?id=CVE-2014-6283
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.
• http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html
• http://scn.sap.com/docs/DOC-55451
• http://secunia.com/advisories/61238
• https://exchange.xforce.ibmcloud.com/vulnerabilities/99935
• https://service.sap.com/sap/support/notes/2044220
• https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txt
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-6859
https://notcve.org/view.php?id=CVE-2013-6859
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/55537
• http://www.sybase.com/detail?id=1099371
• https://service.sap.com/sap/support/notes/1849356
• CWE-287: Improper Authentication