SAP Sybase Adaptive Server Enterprise Authorization Bypass (SAP Note 1849356)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The version of SAP Sybase Adaptive Server Enterprise (ASE) installed on
the remote host is affected by an authorization bypass vulnerability.

Description :

An authenticated, remote user can access functions of SAP Sybase ASE to
which access should be restricted. This may result in an escalation of
privileges. SAP Sybase ASE does not contain authorization checks for
checking an authenticated user's authorization to access some of its
functions. This may result in undesired system behavior.

See also :

https://service.sap.com/sap/support/notes/1849356
http://www.sybase.com/detail?id=1099371

Solution :

Apply one of the patches listed in the advisory.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 70972 ()

Bugtraq ID: 63549

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now