PT-2020-5971 · SAP · SAP Adaptive Server Enterprise

Published: 2020-08-11 · Updated: 2021-07-21 · CVE-2020-6295

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Adaptive Server Enterprise version 16.0

Description

The issue allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files, leading to a compromise of the installed Cockpit. This could enable the attacker to view, modify, and/or make unavailable any data associated with the Cockpit, resulting in information disclosure. The vulnerability is related to the lack of protection for service data in the Cockpit component of the Adaptive Server Enterprise database.

Recommendations

For SAP Adaptive Server Enterprise version 16.0, restrict access to the installation log files so that they are not publicly readable, and consider additional security measures to protect the Cockpit component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Insertion into Log File

Information Disclosure

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2021-02160
CVE-2020-6295

Affected Products

SAP Adaptive Server Enterprise