Published: 19/10/2013 Updated: 13/09/2017

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 405

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sybase adaptive server enterprise 15.7

source: wwwsecurityfocuscom/bid/63193/info SAP Sybase Adaptive Server Enterprise is prone to an information-disclosure vulnerability An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks SAP Sybase Adaptive Server Enterprise 157 ESD 2 is vulnerable; other versions may also be aff ...

CWE-94 http://www.kb.cert.org/vuls/id/303900 http://www.securityfocus.com/bid/63193 http://www.securitytracker.com/id/1029208 http://secunia.com/advisories/55377 https://exchange.xforce.ibmcloud.com/vulnerabilities/88105 https://www.exploit-db.com/exploits/38805/https://nvd.nist.gov https://www.exploit-db.com/exploits/38805/https://www.kb.cert.org/vuls/id/303900

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6025

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect