CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0402
https://notcve.org/view.php?id=CVE-2019-0402
11 Dec 2019 — SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. SAP Adaptive Server Enterprise, versiones anteriores a 15.7 y 16.0, bajo determinadas condiciones expone cierta información confidencial al administrador, conllevando a una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2845780 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7402
https://notcve.org/view.php?id=CVE-2016-7402
03 Nov 2016 — SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. SAP ASE 16.0 SP02 PL03 y versiones anteriores permiten a atacantes que poseen bases de datos SourceDB y TargetDB elevar privilegios a administrador del sistema a través de una inyección SQL dbcc import_sproc. • http://www.securityfocus.com/bid/92950 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2014-6284
https://notcve.org/view.php?id=CVE-2014-6284
08 Jun 2015 — SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995. SAP Adaptive Server Enterprise (ASE) anterior a 15.7 SP132 y 16.0 anterior a 16.0 SP01 permite a atacantes remotos evadir el mecanismo de desafió y respuesta y obtener acceso a la cuenta probe a través de una respuesta manipulada, también conocido como la nota de se... • https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 2CVE-2014-6283
https://notcve.org/view.php?id=CVE-2014-6283
17 Oct 2014 — SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors. SAP Adaptive Server Enterprise (ASE) 15.7 anterior a SP122 o SP63, 15.5 anterior a ESD#5.4 y 15.0.3 anterior a ESD#4.4 no restringen debidamente el acceso, l... • http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6864
https://notcve.org/view.php?id=CVE-2013-6864
23 Nov 2013 — Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to affect confidentiality, integrity, and availability via unspecified vectors. Vulnerabilidad de salto de directorio en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anteriores a 15.0.3 ESD#4.3, 15.5 anteriores a 15.5 ESD#5.3, y 15.7 anteriores a 15.7 SP50 o 15.7 SP100 permite a usuarios autent... • http://scn.sap.com/docs/DOC-8218 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6868
https://notcve.org/view.php?id=CVE-2013-6868
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 15.5 anterior a ESD#5.3, y 15.7 anterior a SP50 15.7 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no especificados. • http://secunia.com/advisories/55537 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6860
https://notcve.org/view.php?id=CVE-2013-6860
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios remotos autenticados para obtener información sensible a través ... • http://scn.sap.com/docs/DOC-8218 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6861
https://notcve.org/view.php?id=CVE-2013-6861
23 Nov 2013 — Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios locales obtener información sensible a través de vectores no espe... • http://scn.sap.com/docs/DOC-8218 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6866
https://notcve.org/view.php?id=CVE-2013-6866
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios autenticados remotamente ejecutar código arbitrario a través de vectores no especificados, también conocido como CR7366... • http://scn.sap.com/docs/DOC-8218 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6863
https://notcve.org/view.php?id=CVE-2013-6863
23 Nov 2013 — SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •