// For flags

CVE-2014-6284

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.

SAP Adaptive Server Enterprise (ASE) anterior a 15.7 SP132 y 16.0 anterior a 16.0 SP01 permite a atacantes remotos evadir el mecanismo de desafió y respuesta y obtener acceso a la cuenta probe a través de una respuesta manipulada, también conocido como la nota de seguridad de SAP 2113995.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-09-09 CVE Reserved
  • 2015-06-08 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-10-12 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sybase
Search vendor "Sybase"
 Adaptive Server Enterprise
Search vendor "Sybase" for product "Adaptive Server Enterprise"
 <= 15.7
Search vendor "Sybase" for product "Adaptive Server Enterprise" and version " <= 15.7"
sp131
Affected
Sybase
Search vendor "Sybase"
 Adaptive Server Enterprise
Search vendor "Sybase" for product "Adaptive Server Enterprise"
 16.0
Search vendor "Sybase" for product "Adaptive Server Enterprise" and version "16.0"
-
Affected