CVE-2020-6253

Summary

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Adaptive Server Enterprise (Web Services)< 15.7affected
SAP SESAP Adaptive Server Enterprise (Web Services)< 16.0affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References