CVE-2020-6236
published 2020-04-14CVE-2020-6236: SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and…
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | adaptive_extensions | — | — |
| sap | landscape_management | — | — |
| sap_se | sap_adaptive_extensions | < 1.0 | 1.0 |
| sap_se | sap_landscape_management | < 3.0 | 3.0 |