Vulnerabilities > CVE-2015-3449 - 7PK - Security Features vulnerability in SAP Afaria 7.0.6398.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |