Vulnerability CVE-2020-6248


Published: 2020-05-12

Description:
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing the DUMP or LOAD command, allowing arbitrary code execution or code injection.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
SAP -> Adaptive server enterprise backup server

References:
https://launchpad.support.sap.com/#/notes/2917275
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

Copyright 2021, cxsecurity.com

 
