CVE-2014-6284 : SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the c

SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.

Published 2015-06-08 14:59:00

Updated 2015-06-09 15:48:57

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-6284

Probability of exploitation activity in the next 30 days: 2.19%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-6284

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-6284

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-6284

https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-004/?fid=6200

Exploit

Products affected by CVE-2014-6284

Sybase » Adaptive Server Enterprise » Update Sp131
Versions up to, including, (<=) 15.7
cpe:2.3:a:sybase:adaptive_server_enterprise:*:sp131:*:*:*:*:*:*
Matching versions
Sybase » Adaptive Server Enterprise » Version: 16.0
cpe:2.3:a:sybase:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-6284

Exploit prediction scoring system (EPSS) score for CVE-2014-6284

CVSS scores for CVE-2014-6284

CWE ids for CVE-2014-6284

References for CVE-2014-6284

Products affected by CVE-2014-6284