PT-2020-19049 · Sap · Sap Adaptive Server Enterprise
Published
2020-05-12
·
Updated
2020-05-15
·
CVE-2020-6253
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Adaptive Server Enterprise (Web Services) versions 15.7, 16.0
Description
The issue allows an authenticated user to execute crafted database queries, potentially leading to SQL Injection. This could enable the user to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute.
Recommendations
For versions 15.7 and 16.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Adaptive Server Enterprise