On May 12, 2014, SAP published updates to Adaptive Server Enterprise versions 15.0. 15.5 and 15.7 on all platforms. These updates addressed a security flaw in a built-in procedure implementation. The flaw allows any authenticated database user to overwrite the master encryption key or execute arbitrary code in the database server process context. Below I will discuss in detail what happens inside the server when the vulnerable procedure is invoked.
more here..............http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html
more here..............http://blog.spiderlabs.com/2014/09/cve-2014-6283-sap-ase-missing-authorization-checks-and-arbitrary-code-execution.html