CVE-2020-6243
8
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Adaptive Server Enterprise (XP Server on Windows Platform) | < 15.7 | affected |
| SAP SE | SAP Adaptive Server Enterprise (XP Server on Windows Platform) | < 16.0 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2915585
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
References
- https://launchpad.support.sap.com/#/notes/2915585
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.