{"api_version":"1","generated_at":"2026-04-22T23:30:45+00:00","cve":"CVE-2015-4161","urls":{"html":"https://cve.report/CVE-2015-4161","api":"https://cve.report/api/cve/CVE-2015-4161.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-4161","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-4161"},"summary":{"title":"CVE-2015-4161","description":"SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2015-06-02 14:59:00","updated_at":"2016-12-31 02:59:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2015/May/96","name":"20150522 SAP Security Notes May 2015","refsource":"FULLDISC","tags":["Exploit"],"title":"Full Disclosure: SAP Security Notes May 2015","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/74800","name":"74800","refsource":"BID","tags":[],"title":"SAP Afaria Remote Authorization Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-4161","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-4161","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"4161","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"afaria","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"4161","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"afaria","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-4161","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"74800","refsource":"BID","url":"http://www.securityfocus.com/bid/74800"},{"name":"20150522 SAP Security Notes May 2015","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2015/May/96"}]}},"nvd":{"publishedDate":"2015-06-02 14:59:00","lastModifiedDate":"2016-12-31 02:59:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:afaria:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"4161","Ordinal":"81132","Title":"CVE-2015-4161","CVE":"CVE-2015-4161","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"4161","Ordinal":"1","NoteData":"SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690.","Type":"Description","Title":null},{"CveYear":"2015","CveId":"4161","Ordinal":"2","NoteData":"2015-06-02","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"4161","Ordinal":"3","NoteData":"2016-12-29","Type":"Other","Title":"Modified"}]}}}