ID

VAR-201506-0329


CVE

CVE-2015-4161


TITLE

SAP Afaria Authentication Bypass Vulnerability

Trust: 0.8

sources: IVD: df00850c-1e7e-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03409

DESCRIPTION

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors (SAP Security Note 2155690). SAP Afaria is a mobile device management solution from SAP. The solution supports the effective management of mobile devices, applications, and data lifecycles, and ensures their security during transmission and storage. An authentication bypass vulnerability exists in SAP Afaria. An attacker could use this vulnerability to gain unauthorized access, obtain sensitive information, or elevate permissions. This may aid in further attacks.

Trust: 3.15

sources: NVD: CVE-2015-4161 // JVNDB: JVNDB-2015-002929 // CNVD: CNVD-2015-03409 // CNNVD: CNNVD-201505-530 // BID: 74800 // IVD: df00850c-1e7e-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: df00850c-1e7e-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03409

AFFECTED PRODUCTS

vendor: sap, model: afaria, scope: eq, version: -

Trust: 1.6

vendor: sap, model: afaria, scope: -, version: -

Trust: 1.4

vendor: afaria, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: df00850c-1e7e-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03409 // JVNDB: JVNDB-2015-002929 // CNNVD: CNNVD-201506-039 // NVD: CVE-2015-4161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4161
value: HIGH

Trust: 1.0

NVD: CVE-2015-4161
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-03409
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-039
value: HIGH

Trust: 0.6

IVD: df00850c-1e7e-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2015-4161
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03409
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: df00850c-1e7e-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: df00850c-1e7e-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03409 // JVNDB: JVNDB-2015-002929 // CNNVD: CNNVD-201506-039 // NVD: CVE-2015-4161

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2015-002929 // NVD: CVE-2015-4161

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201505-530 // CNNVD: CNNVD-201506-039

TYPE

permissions and access control

Trust: 1.2

sources: CNNVD: CNNVD-201505-530 // CNNVD: CNNVD-201506-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002929

PATCH

title: SAP Security Note 2155690, url: http://scn.sap.com/docs/DOC-55451

Trust: 0.8

title: SAP Afaria Authentication bypass vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/59005

Trust: 0.6

sources: CNVD: CNVD-2015-03409 // JVNDB: JVNDB-2015-002929

EXTERNAL IDS

db: NVD, id: CVE-2015-4161

Trust: 2.9

db: BID, id: 74800

Trust: 2.5

db: CNVD, id: CNVD-2015-03409

Trust: 0.8

db: CNNVD, id: CNNVD-201506-039

Trust: 0.8

db: JVNDB, id: JVNDB-2015-002929

Trust: 0.8

db: CNNVD, id: CNNVD-201505-530

Trust: 0.6

db: IVD, id: DF00850C-1E7E-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: df00850c-1e7e-11e6-abef-000c29c66e3d // CNVD: CNVD-2015-03409 // BID: 74800 // JVNDB: JVNDB-2015-002929 // CNNVD: CNNVD-201505-530 // CNNVD: CNNVD-201506-039 // NVD: CVE-2015-4161

REFERENCES

url: http://seclists.org/fulldisclosure/2015/may/96

Trust: 2.4

url: http://www.securityfocus.com/bid/74800

Trust: 2.2

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4161

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4161

Trust: 0.8

sources: CNVD: CNVD-2015-03409 // JVNDB: JVNDB-2015-002929 // CNNVD: CNNVD-201505-530 // CNNVD: CNNVD-201506-039 // NVD: CVE-2015-4161

CREDITS

Dmitry Chastukhin and Vahagn Vardanyan

Trust: 0.9

sources: BID: 74800 // CNNVD: CNNVD-201505-530

SOURCES

db: IVD, id: df00850c-1e7e-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2015-03409
db: BID, id: 74800
db: JVNDB, id: JVNDB-2015-002929
db: CNNVD, id: CNNVD-201505-530
db: CNNVD, id: CNNVD-201506-039
db: NVD, id: CVE-2015-4161

LAST UPDATE DATE

2025-04-13T23:21:16.930000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-03409, date: 2015-05-28T00:00:00
db: BID, id: 74800, date: 2015-07-15T00:24:00
db: JVNDB, id: JVNDB-2015-002929, date: 2015-06-04T00:00:00
db: CNNVD, id: CNNVD-201505-530, date: 2015-05-26T00:00:00
db: CNNVD, id: CNNVD-201506-039, date: 2015-06-05T00:00:00
db: NVD, id: CVE-2015-4161, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: IVD, id: df00850c-1e7e-11e6-abef-000c29c66e3d, date: 2015-05-28T00:00:00
db: CNVD, id: CNVD-2015-03409, date: 2015-05-28T00:00:00
db: BID, id: 74800, date: 2015-05-25T00:00:00
db: JVNDB, id: JVNDB-2015-002929, date: 2015-06-04T00:00:00
db: CNNVD, id: CNNVD-201505-530, date: 2015-05-26T00:00:00
db: CNNVD, id: CNNVD-201506-039, date: 2015-06-03T00:00:00
db: NVD, id: CVE-2015-4161, date: 2015-06-02T14:59:21.143