Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP Adaptive Server Enterprise 权限许可和访问控制漏洞
Vulnerability Description
SAP Adaptive Server Enterprise(ASE)是德国思爱普(SAP)公司的一套关系型数据库管理系统。该系统可在数据密集型环境中使用,并具有速度快、性能稳定等特点。 SAP ASE中存在安全漏洞,该漏洞源于程序没有正确限制访问权限。远程攻击者可通过向hacmpmsgxchg函数发送特制的RPC消息利用该漏洞覆盖主密钥,或导致缓冲区溢出。以下版本受到影响:SAP Adaptive Server Enterprise (ASE) SP122(SP63)之前15.7版本,ESD#5.4之前
CVSS Information
N/A
Vulnerability Type
N/A