CVE-2020-6236

Name of the Vulnerable Software and Affected Versions: SAP Landscape Management version 3.0 SAP Adaptive Extensions version 1.0

Description: The issue is related to insufficient access control in the SAP Landscape Management and SAP Adaptive Extensions systems. It allows a remote attacker to escalate their privileges to the root level. An attacker with admin group privileges can change the ownership and permissions of arbitrary files remotely, including setting the S-user ID bit, which enables executing these files as the root user from a non-root context.

Recommendations: For SAP Landscape Management version 3.0, consider restricting access to admin group privileges to minimize the risk of exploitation. For SAP Adaptive Extensions version 1.0, avoid using the S-user ID bit in file permissions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.