CVE-2020-6317

Name of the Vulnerable Software and Affected Versions SAP Adaptive Server Enterprise versions 15.7, 16.0

Description The issue allows an attacker with regular user credentials and local access to an ASE cockpit installation to access sensitive information in the installation log files. Although this information is sensitive, it has limited utility and cannot be used to further access, modify, or render unavailable any other information in the cockpit or system.

Recommendations For SAP Adaptive Server Enterprise versions 15.7 and 16.0, consider restricting access to the installation log files as a temporary workaround to minimize the risk of sensitive information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.