CVE-2014-6284

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

S

AP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.

References

Link	Resource
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200	Exploit
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sybase:adaptive_server_enterprise::sp131::::::*
	cpe:2.3:a:sybase:adaptive_server_enterprise:16.0:::::::*

History

21 Nov 2024, 02:14

Type	Values Removed	Values Added
References	~~() https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200 - Exploit~~	() https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200 - Exploit

Information

Published : 2015-06-08 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2014-6284

Mitre link : CVE-2014-6284

CVE.ORG link : CVE-2014-6284

JSON object : View

Products Affected

adaptive_server_enterprise

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-6284", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-06-08T14:59:00.073", "references": [{"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995."}, {"lang": "es", "value": "SAP Adaptive Server Enterprise (ASE) anterior a 15.7 SP132 y 16.0 anterior a 16.0 SP01 permite a atacantes remotos evadir el mecanismo de desafi\u00f3 y respuesta y obtener acceso a la cuenta probe a trav\u00e9s de una respuesta manipulada, tambi\u00e9n conocido como la nota de seguridad de SAP 2113995."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sybase:adaptive_server_enterprise:*:sp131:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA97F543-D395-4856-A5B7-C7E2259B9285", "versionEndIncluding": "15.7"}, {"criteria": "cpe:2.3:a:sybase:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60DAB85D-361D-46BF-90E4-7210BA0F6B9D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}