PT-2016-7313 · Sap · Sap Ase

Published

2016-11-03

Updated

2016-11-28

CVE-2016-7402

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP ASE versions 16.0 SP02 PL03 and prior

Description The issue allows attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import sproc SQL injection.

Recommendations For SAP ASE versions 16.0 SP02 PL03 and prior, consider restricting access to the dbcc import sproc function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-7402

Affected Products

Sap Ase

PT-2016-7313 · Sap · Sap Ase

CVE-2016-7402

Weakness Enumeration

Related Identifiers

Affected Products

References · 4