Vulnerability Details : CVE-2013-7245
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.
Vulnerability category: BypassGain privilege
Products affected by CVE-2013-7245
- cpe:2.3:a:sybase:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*
- cpe:2.3:a:sybase:adaptive_server_enterprise:15.7:sp50:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7245
0.37%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7245
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2013-7245
-
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7245
-
http://blog.spiderlabs.com/2014/01/sap-sybase-ase-157-security-updates.html
404 Not Found | TrustwaveThird Party Advisory
-
https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-035.txt
Third Party Advisory
Jump to