VAR-201506-0329
Vulnerability from variot - Updated: 2025-04-13 23:21

SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors (SAP Security Note 2155690). SAP Afaria is a mobile device management solution from SAP. The solution supports the effective management of mobile devices, applications, and data lifecycles, and ensures their security during transmission and storage. An authentication bypass vulnerability exists in SAP Afaria. An attacker could use this vulnerability to gain unauthorized access, obtain sensitive information, or elevate permissions, which may aid in further attacks. The sources aggregated in the record below do not agree on severity: NVD rates the issue CVSS v2 7.5 (HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P), whereas CNVD rates it 5.0 (MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N).
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "afaria",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "afaria",
"scope": null,
"trust": 1.4,
"vendor": "sap",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "afaria",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sap:afaria",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dmitry Chastukhin and Vahagn Vardanyan",
"sources": [
{
"db": "BID",
"id": "74800"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
}
],
"trust": 0.9
},
"cve": "CVE-2015-4161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-4161",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-03409",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4161",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4161",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-03409",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. SAP Afaria is a mobile device management solution from SAP. The solution supports the effective management of mobile devices, applications, and data lifecycles, and ensures their security during transmission and storage. \nAn authentication bypass vulnerability exists in SAP Afaria. An attacker could use this vulnerability to gain unauthorized access and sensitive information, or to elevate permissions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4161"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "BID",
"id": "74800"
},
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4161",
"trust": 2.9
},
{
"db": "BID",
"id": "74800",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2015-03409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530",
"trust": 0.6
},
{
"db": "IVD",
"id": "DF00850C-1E7E-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "BID",
"id": "74800"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"id": "VAR-201506-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
}
],
"trust": 0.08
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
}
]
},
"last_update_date": "2025-04-13T23:21:16.930000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 2155690",
"trust": 0.8,
"url": "http://scn.sap.com/docs/DOC-55451"
},
{
"title": "SAP Afaria Authentication bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/59005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://seclists.org/fulldisclosure/2015/may/96"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/74800"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4161"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4161"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"db": "BID",
"id": "74800"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-28T00:00:00",
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"date": "2015-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"date": "2015-05-25T00:00:00",
"db": "BID",
"id": "74800"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"date": "2015-06-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"date": "2015-06-02T14:59:21.143000",
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03409"
},
{
"date": "2015-07-15T00:24:00",
"db": "BID",
"id": "74800"
},
{
"date": "2015-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002929"
},
{
"date": "2015-05-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"date": "2015-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-039"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-4161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP Afaria Authentication Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "df00850c-1e7e-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-03409"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-530"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-039"
}
],
"trust": 1.2
}
}