Vulnerability Details : CVE-2015-2816
The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905.
Products affected by CVE-2015-2816
- cpe:2.3:a:sap:afaria:7.0.6001.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-2816
0.76%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-2816
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2015-2816
-
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-2816
-
http://www.securityfocus.com/bid/73708
SAP Afaria CVE-2015-2816 Authorization Bypass Vulnerability
-
http://seclists.org/fulldisclosure/2015/Jun/67
Full Disclosure: ERPSCAN Research Advisory [ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
-
https://erpscan.io/advisories/erpscan-15-009-sap-afaria-7-xclistener-missing-authorization-check/
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
-
http://www.securityfocus.com/archive/1/535830/100/800/threaded
SecurityFocus
-
http://packetstormsecurity.com/files/132363/SAP-Afaria-7-Missing-Authorization-Check.html
SAP Afaria 7 Missing Authorization Check ≈ Packet Storm
Jump to