CVE-2014-6283

Name: CVE-2014-6283
Creator: NVD / NIST
Published: 2014-10-17T23:55:03.933+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.15%

Last modified Jun 17, 2026

CVE-2014-6283 is a vulnerability of currently unknown severity. SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.. EPSS estimates a 1.15% chance of exploitation in the next 30 days.

Description

SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 before ESD#5.4, and 15.0.3 before ESD#4.4 does not properly restrict access, which allows remote authenticated database users to (1) overwrite the master encryption key or (2) trigger a buffer overflow via a crafted RPC message to the hacmpmsgxchg function, and possibly other vectors.

Metrics

EPSS Probability

1.15%

62.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Sybase	Adaptive Server Enterprise	15.0.3
Sybase	Adaptive Server Enterprise	15.5
Sybase	Adaptive Server Enterprise	15.7

References

http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.htmlExploit, Third Party Advisory
http://scn.sap.com/docs/DOC-55451Vendor Advisory
http://secunia.com/advisories/61238
https://exchange.xforce.ibmcloud.com/vulnerabilities/99935
https://service.sap.com/sap/support/notes/2044220Permissions Required, Vendor Advisory
https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txtExploit, Third Party Advisory
http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.htmlExploit, Third Party Advisory
http://scn.sap.com/docs/DOC-55451Vendor Advisory
http://secunia.com/advisories/61238
https://exchange.xforce.ibmcloud.com/vulnerabilities/99935
https://service.sap.com/sap/support/notes/2044220Permissions Required, Vendor Advisory
https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-013.txtExploit, Third Party Advisory

Timeline

Published: Oct 17, 2014
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-6283?

How severe is CVE-2014-6283?

Severity scoring for CVE-2014-6283 is pending analysis. The EPSS model estimates a 1.15% probability of exploitation in the next 30 days.

How do I fix CVE-2014-6283?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-6283?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST