191 matches found
Information disclosure
Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to...
CVE-2020-6295
Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-29753)
SAP Adaptive Server Enterprise is a relational database server from SAP. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability to obtain account credentials, manipulate system data, and impact system availability...
SAP Adaptive Server Enterprise SQL Injection Vulnerability (CNVD-2020-29750)
SAP Adaptive Server Enterprise is a relational database server from SAP. A SQL injection vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability by executing specially crafted query statements to elevate privileges, modify database objects, or execute...
SAP Adaptive Server Enterprise SQL Injection Vulnerability (CNVD-2020-29747)
SAP Adaptive Server Enterprise is a relational database server from SAP. A SQL injection vulnerability exists in SAP Adaptive Server Enterprise. An attacker can exploit this vulnerability by executing specially crafted database query statements to elevate privileges...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2020-29752)
SAP Adaptive Server Enterprise is a relational database server from SAP. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise. An attacker could exploit this vulnerability to read the system administrator password via certain misconfigured endpoints that are publicly...
SAP Adaptive Server Enterprise Authorization Issues Vulnerability
SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. SAP Adaptive Server Enterprise has an authorization issue vulnerability that stems from a lack of authorization checking. An attacker could exploit the vulnerability to access information...
SAP Adaptive Server Enterprise Input Validation Error Vulnerability
SAP Adaptive Server Enterprise is a relational database server from SAP. An input validation error vulnerability exists in SAP Adaptive Server Enterprise, which arises when the program does not perform the required validation checks on an authenticated user. An attacker could exploit this...
SAP Adaptive Server Enterprise Injection Vulnerability
SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. An injection vulnerability exists in SAP Adaptive Server Enterprise, which originates when the program does not perform the required authentication checks on an authenticated user. An attacker could exploit the...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
CVE-2020-6253
Under certain conditions, SAP Adaptive Server Enterprise Web Services, versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL...
CVE-2020-6259
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...
CVE-2020-6248
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...
CVE-2020-6248
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...
CVE-2020-6250
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop t...
CVE-2020-6241
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection...
CVE-2020-6243
Under certain conditions, SAP Adaptive Server Enterprise XP Server on Windows Platform, versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected...
Information disclosure
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop t...
Sql injection
SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection...