Details of VAR-201501-0543

ID

VAR-201501-0543

CVE

CVE-2015-1310

TITLE

SAP Adaptive Server Enterprise In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-001228

DESCRIPTION

SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

Trust: 1.89

sources: NVD: CVE-2015-1310 // JVNDB: JVNDB-2015-001228 // BID: 72791

AFFECTED PRODUCTS

vendor:	sybase	model:	adaptive server enterprise	scope:	eq	version:	*	Trust: 1.0
vendor:	sap	model:	adaptive server enterprise	scope:	-	version:	-	Trust: 0.8
vendor:	sybase	model:	adaptive server enterprise	scope:	-	version:	-	Trust: 0.6
vendor:	sap	model:	sybase adaptive server enterprise	scope:	eq	version:	0	Trust: 0.3

sources: BID: 72791 // JVNDB: JVNDB-2015-001228 // CNNVD: CNNVD-201501-559 // NVD: CVE-2015-1310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-1310
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-1310
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201501-559
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2015-1310
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2015-001228 // CNNVD: CNNVD-201501-559 // NVD: CVE-2015-1310

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2015-001228 // NVD: CVE-2015-1310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201501-559

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201501-559

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001228

PATCH

title:	SAP Security Note 2113333	url:	http://scn.sap.com/docs/DOC-55451	Trust: 0.8
title:	SAP Sybase Adaptive Server Enterprise	url:	http://www.sap.com/japan/pc/tech/database/software/adaptive-server-enterprise/index.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-001228

EXTERNAL IDS

db:	NVD	id:	CVE-2015-1310	Trust: 2.7
db:	JVNDB	id:	JVNDB-2015-001228	Trust: 0.8
db:	CNNVD	id:	CNNVD-201501-559	Trust: 0.6
db:	BID	id:	72791	Trust: 0.3

sources: BID: 72791 // JVNDB: JVNDB-2015-001228 // CNNVD: CNNVD-201501-559 // NVD: CVE-2015-1310

REFERENCES

url:	http://erpscan.com/press-center/blog/sap-critical-patch-update-january-2015/	Trust: 1.7
url:	https://erpscan.io/press-center/blog/sap-critical-patch-update-january-2015/	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1310	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1310	Trust: 0.8
url:	http://www.sap.com	Trust: 0.3

sources: BID: 72791 // JVNDB: JVNDB-2015-001228 // CNNVD: CNNVD-201501-559 // NVD: CVE-2015-1310

CREDITS

Nikolay Mescherin of ERPScan.

Trust: 0.3

sources: BID: 72791

SOURCES

db:	BID	id:	72791
db:	JVNDB	id:	JVNDB-2015-001228
db:	CNNVD	id:	CNNVD-201501-559
db:	NVD	id:	CVE-2015-1310

LAST UPDATE DATE

2025-04-12T23:32:51.852000+00:00

SOURCES UPDATE DATE

db:	BID	id:	72791	date:	2015-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-001228	date:	2015-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201501-559	date:	2015-01-26T00:00:00
db:	NVD	id:	CVE-2015-1310	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	BID	id:	72791	date:	2015-01-16T00:00:00
db:	JVNDB	id:	JVNDB-2015-001228	date:	2015-01-27T00:00:00
db:	CNNVD	id:	CNNVD-201501-559	date:	2015-01-26T00:00:00
db:	NVD	id:	CVE-2015-1310	date:	2015-01-22T16:59:05.337