191 matches found
Code injection
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...
Authorization
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...
Information disclosure
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
Sql injection
Under certain conditions, SAP Adaptive Server Enterprise Web Services, versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL...
CVE-2020-6241
SAP Adaptive Server Enterprise (ASE) 16.0 is affected by CVE-2020-6241. The vulnerability is a SQL injection in global temporary tables that an authenticated user can exploit to elevate privileges within ASE. The issue is confirmed by Red Hat’s CVE entry and ThreatPost reporting alongside SAP/Tru...
CVE-2020-6259
Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check...
CVE-2020-6259
The CVE-2020-6259 entry concerns SAP Adaptive Server Enterprise. Affected software: SAP ASE versions 15.7 and 16.0. Issue: a Missing Authorization Check that could let an attacker access information that should be restricted, resulting in information disclosure. Root cause: insufficient authoriza...
CVE-2020-6252
Under certain conditions SAP Adaptive Server Enterprise Cockpit, version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact syst...
CVE-2020-6253
CVE-2020-6253 affects SAP Adaptive Server Enterprise Web Services (versions 15.7 and 16.0). The vulnerability arises from the WebServices handling code, enabling an authenticated user to craft database queries that elevate privileges, modify objects, or execute unauthorised commands, i.e., a SQL ...
CVE-2020-6248
SAP Adaptive Server Enterprise Backup Server, version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection...
CVE-2020-6243
The CVE-2020-6243 entry affects SAP Adaptive Server Enterprise (XP Server on Windows), specifically versions 15.7 and 16.0. The root cause is that the extended stored procedure execution may not perform necessary checks for an authenticated user, allowing an attacker to read, modify, or delete re...
CVE-2019-0402
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure...
CVE-2019-0402
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure...
Information disclosure
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure...
CVE-2019-0402
CVE-2019-0402 affects SAP Adaptive Server Enterprise (ASE) prior to 15.7 and 16.0. The issue is an information-disclosure vulnerability that can occur under certain conditions, potentially exposing sensitive information from ASE. Exploitation requires local access with high privileges; no user in...
CVE-2019-0402
SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2019-46440)
SAP Adaptive Server Enterprise ASE is a relational database management system from SAP. The system can be used in data-intensive environments and is characterized by high speed and stable performance. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise versions 15.7 a...
SAP Adaptive Server Enterprise CVE-2019-0402 Information Disclosure Vulnerability
Description SAP Adaptive Server Enterprise is prone to an unspecified information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. SAP Adaptive Server Enterprise versions 15.7 and 16.0 are vulnerable. Technologies Affecte...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability (CNVD-2019-05056)
SAP Adaptive Server Enterprise ASE is a relational database management system from SAP. The system can be used in data-intensive environments , and has a fast , stable performance , etc. Backup Server is one of the backup server . An information disclosure vulnerability exists in the Backup Serve...
SAP Adaptive Server Enterprise Information Disclosure Vulnerability
SAP Adaptive Server Enterprise ASE is a relational database management system from SAP. The system can be used in data-intensive environments and is characterized by high speed and stable performance. An information disclosure vulnerability exists in SAP Adaptive Server Enterprise ASE versions 15...