Lucene search

SapCVELIST:CVE-2020-6243

HistoryMay 12, 2020 - 5:47 p.m.

CVE-2020-6243

2020-05-1217:47:46

sap

www.cve.org

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.

CNA Affected

[
  {
    "product": "SAP Adaptive Server Enterprise (XP Server on Windows Platform)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 15.7"
      },
      {
        "status": "affected",
        "version": "< 16.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2915585

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Related for CVELIST:CVE-2020-6243