Posted by Portcullis Advisories on Jul 13

Vulnerability title: Weak File Permissions In SAP Afaria XeService.exe
CVE: CVE-2015-3449
Vendor: SAP
Product: Afaria XeService.exe
Affected version: 7.0.6398.0
Fixed version: Latest
Reported by: Russ Spooner
Details:

It was identified that the Afaria Windows client software was installed with weak default permissions that granted read
and write permissions to the Everyone group to the install folder.

Further details at:…