Weak Permissions in SAP Afaria 7.0.6398.0 Windows Client Install Folder Vulnerability

Weak Permissions in SAP Afaria 7.0.6398.0 Windows Client Install Folder Vulnerability

CVE-2015-3449 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.

Learn more about our User Device Pen Test.