CVE-2020-6241

CWE-89 — SQL Injection3 documents3 sources

Severity

8.8HIGH

EPSS

0.5%

top 33.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Adaptive Server Enterprise SAP Adaptive Server Enterprise

Timeline

PublishedMay 12

Latest updateMay 24

Description

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_adaptive_server_enterprise< 16.0

▶NVDsap/adaptive16.0

🔴Vulnerability Details

GHSA

GHSA-r2pq-px9m-8f6r: SAP Adaptive Server Enterprise, version 16↗2022-05-24

▶

CVEList

CVE-2020-6241: SAP Adaptive Server Enterprise, version 16↗2020-05-12

▶