14 matches found
CVE-2022-22528
CVE-2022-22528 affects SAP Adaptive Server Enterprise (ASE) version 16.0 on Windows, where the installer writes an entry to the system PATH. Under certain conditions this can allow a Standard User to execute malicious Windows binaries, enabling local privilege escalation. The issue is tied to the...
CVE-2022-31595
Affected product: SAP Financial Consolidation version 1010. The issue arises from missing authorization checks for an authenticated user, enabling escalation of privileges. This vulnerability is documented across multiple sources (SAP notes and CVE entries) with high-severity impact in CVSS 3.1/3...
CVE-2019-0402
CVE-2019-0402 affects SAP Adaptive Server Enterprise (ASE) prior to 15.7 and 16.0. The issue is an information-disclosure vulnerability that can occur under certain conditions, potentially exposing sensitive information from ASE. Exploitation requires local access with high privileges; no user in...
CVE-2022-31594
CVE-2022-31594 corresponds to an elevation-of-privilege issue in SAP Adaptive Server Enterprise (ASE) affecting local Unix systems. The Red Hat/CNVD/CNNVD entries describe a scenario where a highly privileged user can exploit a SUID-root program to escalate to root. The root cause is cited as an ...
CVE-2020-6241
SAP Adaptive Server Enterprise (ASE) 16.0 is affected by CVE-2020-6241. The vulnerability is a SQL injection in global temporary tables that an authenticated user can exploit to elevate privileges within ASE. The issue is confirmed by Red Hat’s CVE entry and ThreatPost reporting alongside SAP/Tru...
CVE-2020-6243
The CVE-2020-6243 entry affects SAP Adaptive Server Enterprise (XP Server on Windows), specifically versions 15.7 and 16.0. The root cause is that the extended stored procedure execution may not perform necessary checks for an authenticated user, allowing an attacker to read, modify, or delete re...
CVE-2020-6250
SAP Adaptive Server Enterprise 16.0 is affected by an information-disclosure vulnerability (CVE-2020-6250) due to misconfigured endpoints exposed on an adjacent network. An authenticated attacker can read system administrator passwords, potentially leading to reading/writing data and even stoppin...
CVE-2020-6253
CVE-2020-6253 affects SAP Adaptive Server Enterprise Web Services (versions 15.7 and 16.0). The vulnerability arises from the WebServices handling code, enabling an authenticated user to craft database queries that elevate privileges, modify objects, or execute unauthorised commands, i.e., a SQL ...
CVE-2020-6259
The CVE-2020-6259 entry concerns SAP Adaptive Server Enterprise. Affected software: SAP ASE versions 15.7 and 16.0. Issue: a Missing Authorization Check that could let an attacker access information that should be restricted, resulting in information disclosure. Root cause: insufficient authoriza...
CVE-2018-2457
SAP Adaptive Server Enterprise (ASE) 16.0 is cited in connected sources as having an unauthorized access vulnerability that could allow some privileged users to access information that should be restricted. The CNVD entry for SAP ASE 16.0 confirms an unauthorized access flaw; however, the provide...
CVE-2020-6317
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2020-6295
CVE-2020-6295 affects SAP Adaptive Server Enterprise 16.0. A vulnerability allows an attacker to access encrypted sensitive information through publicly readable installation log files, leading to a compromise of the Cockpit and potential information disclosure (view/modify/unavailable data). The...
CVE-2018-2469
SAP Adaptive Server Enterprise (ASE) versions 15.7 and 16.0 are affected by an information-disclosure vulnerability that allows an attacker to access data that would normally be restricted. The available sources (NVD/CNVD/related records) consistently describe this as an information-disclosure is...
CVE-2018-2468
CVE-2018-2468 affects SAP Adaptive Server Enterprise (ASE) backup server in versions 15.7 and 16.0. The issue is an information-disclosure vulnerability where an attacker can access restricted information under certain conditions. The provided connected documents confirm the affected component (B...