Vulnerability Name: | CVE-2020-6253 (CCN-181824) | ||||||||||||
Assigned: | 2020-05-12 | ||||||||||||
Published: | 2020-05-12 | ||||||||||||
Updated: | 2020-05-15 | ||||||||||||
Summary: | Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. | ||||||||||||
CVSS v3 Severity: | 7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) 6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
6.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
| ||||||||||||
Vulnerability Type: | CWE-89 | ||||||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2020-6253 Source: XF Type: UNKNOWN sap-cve20206253-sql-injection(181824) Source: CCN Type: SAP Web site SAP Support Note 2917273 Source: MISC Type: Permissions Required https://launchpad.support.sap.com/#/notes/2917273 Source: CCN Type: SAP Security Patch Day May 2020 SAP Security Patch Day May 2020 Source: MISC Type: Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222 | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
BACK |