CVE-2020-6243
Published May 12, 2020
Last updated 3 years ago
Overview
- Description
- Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 8
- Impact score
- 6
- Exploitability score
- 1.3
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F4E3F2F1-91CA-465B-831F-3493F41EFEFA"
},
{
"criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96E0D26B-8929-4A77-A6C1-240B4DADB9BD"
}
],
"operator": "OR"
}
]
}
]