PT-2020-19039 · Sap · Sap Adaptive Server Enterprise

Published: 2020-05-12 · Updated: 2021-07-21 · CVE-2020-6243

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Adaptive Server Enterprise versions 15.7, 16.0

Description

The issue allows an attacker to read, modify, or delete restricted data on connected servers due to insufficient checks for authenticated users when executing an extended stored procedure, potentially leading to code injection.

Recommendations

For versions 15.7 and 16.0, consider restricting access to the extended stored procedure until a patch is available. As a temporary workaround, limit the privileges of authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2020-6243

Affected Products

Sap Adaptive Server Enterprise