PT-2020-19044 · Sap · Sap Adaptive Server Enterprise

Published

2020-05-12

Updated

2021-07-21

CVE-2020-6248

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Adaptive Server Enterprise (Backup Server) version 16.0

Description The issue allows arbitrary code execution or code injection due to insufficient validation checks for authenticated users when executing DUMP or LOAD commands.

Recommendations For SAP Adaptive Server Enterprise (Backup Server) version 16.0, update to a version that includes the necessary validation checks to prevent arbitrary code execution or code injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-20

Related Identifiers

CVE-2020-6248

Affected Products

Sap Adaptive Server Enterprise

PT-2020-19044 · Sap · Sap Adaptive Server Enterprise

CVE-2020-6248

Weakness Enumeration

Related Identifiers

Affected Products

References · 5