CVSS: 6.5EPSS: 3%CPEs: 3EXPL: 2CVE-2014-6283
https://notcve.org/view.php?id=CVE-2014-6283
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors. SAP Adaptive Server Enterprise (ASE) 15.7 anterior a SP122 o SP63, 15.5 anterior a ESD#5.4 y 15.0.3 anterior a ESD#4.4 no restringen debidamente el acceso, lo que permite a usuarios autenticados de la base de datos (1) sobreescribir la clave maestra de cifrado o (2) provocar un desbordamiento de buffer a través de un mensaje RPC manipulado a la función hacmpmsgxchg y posiblemente otros vectores. • http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html http://scn.sap.com/docs/DOC-55451 http://secunia.com/advisories/61238 https://exchange.xforce.ibmcloud.com/vulnerabilities/99935 https://service.sap.com/sap/support/notes/2044220 https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6859
https://notcve.org/view.php?id=CVE-2013-6859
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3. 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 no realiza correctamente la autorización, lo que permite a los usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1849356 • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6866
https://notcve.org/view.php?id=CVE-2013-6866
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka CR736689. SAP Sybase Adaptive Server Enterprise (ASE) anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios autenticados remotamente ejecutar código arbitrario a través de vectores no especificados, también conocido como CR736689. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1893560 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6862
https://notcve.org/view.php?id=CVE-2013-6862
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors. Vulnerabilidad no especificada en SAP Sybase Adaptive Server Enterprise (ASE) anteriores a 15.0.3 ESD#4.3, 15.5 anteriores a 15.5 ESD#5.3, y 15.7 anteriores a 15.7 SP50 o 15.7 SP100 permite a atacantes remotos causar denegación de servicio a través de vectores no especificados. • http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-6863
https://notcve.org/view.php?id=CVE-2013-6863
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 anterior a 15.0.3 ESD#4.3, 15.5 anterior a 15.5 ESD#5.3, y 15.7 anterior a 15.7 SP50 o 15.7 SP100 permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 http://secunia.com/advisories/55537 http://www.sybase.com/detail?id=1099371 https://service.sap.com/sap/support/notes/1893440 • CWE-264: Permissions, Privileges, and Access Controls •