PT-2020-19037 · Sap · Sap Adaptive Server Enterprise
Published
2020-05-12
·
Updated
2020-05-14
·
CVE-2020-6241
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Adaptive Server Enterprise version 16.0
Description
The issue allows an authenticated user to execute crafted database queries, leading to SQL Injection and potentially elevating privileges of users in the system.
Recommendations
For SAP Adaptive Server Enterprise version 16.0, consider restricting access to sensitive database queries and limiting user privileges to minimize the risk of exploitation until a patch is available.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Adaptive Server Enterprise