CVE Vulnerabilities

CVE-2014-6283

Published: Oct 17, 2014 | Modified: Sep 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.

Affected Software

Name Vendor Start Version End Version
Adaptive_server_enterprise Sybase 15.0.3 (including) 15.0.3 (including)
Adaptive_server_enterprise Sybase 15.5 (including) 15.5 (including)
Adaptive_server_enterprise Sybase 15.7 (including) 15.7 (including)

References