// For flags

CVE-2015-2278

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

La implementación LZH decompression (la función CsObjectInt::BuildHufTree en vpa108csulzh.cpp) en SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, la herramienta de archivos SAPCAR, y otros productos permite a atacantes dependientes de contexto causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados, relacionado con búsquedas de códigos no simples, también conocido como las notas de seguridad de SAP 2124806, 2121661, 2127995, y 2125316.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-03-10 CVE Reserved
  • 2015-05-13 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Sap
Search vendor "Sap"
Gui
Search vendor "Sap" for product "Gui"
--
Affected
Sap
Search vendor "Sap"
Maxdb
Search vendor "Sap" for product "Maxdb"
7.5
Search vendor "Sap" for product "Maxdb" and version "7.5"
-
Affected
Sap
Search vendor "Sap"
Maxdb
Search vendor "Sap" for product "Maxdb"
7.6
Search vendor "Sap" for product "Maxdb" and version "7.6"
-
Affected
Sap
Search vendor "Sap"
Netweaver Abap Application Server
Search vendor "Sap" for product "Netweaver Abap Application Server"
--
Affected
Sap
Search vendor "Sap"
Netweaver Java Application Server
Search vendor "Sap" for product "Netweaver Java Application Server"
--
Affected
Sap
Search vendor "Sap"
Netweaver Rfc Sdk
Search vendor "Sap" for product "Netweaver Rfc Sdk"
--
Affected
Sap
Search vendor "Sap"
Rfc Library
Search vendor "Sap" for product "Rfc Library"
*-
Affected