Required CVE Record Information
Description
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
References (4 total)
- seclists.org: 20150713 CVE-2015-3449 - Weak File Permissions In SAP Afaria XeService.exe (mailing-list)
- http://packetstormsecurity.com/files/132681/SAP-Afaria-XeService.exe-7.0.6398.0-Weak-File-Permissions.html
- https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-3449/
- securityfocus.com: 75725 (vdb-entry)