Vulnerability Description
SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sybase | Adaptive Server Enterprise | <= 16.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/92950
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/Third Party Advisory
- http://www.securityfocus.com/bid/92950
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-017/Third Party Advisory
FAQ
What is CVE-2016-7402?
CVE-2016-7402 is a vulnerability with a CVSS score of 9.8 (CRITICAL). SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.
How severe is CVE-2016-7402?
CVE-2016-7402 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-7402?
Check the references section above for vendor advisories and patch information. Affected products include: Sybase Adaptive Server Enterprise.