CVE-2020-6250Sensitive Information Exposure in SE SAP Adaptive Server Enterprise

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 76.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Adaptive Server EnterpriseSAP Adaptive Server Enterprise
Timeline
PublishedMay 12
Latest updateMay 24

Description

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

NVDsap/adaptive16.0

🔴Vulnerability Details

2
GHSA
GHSA-543h-m4r4-6jx2: SAP Adaptive Server Enterprise, version 162022-05-24
CVEList
CVE-2020-6250: SAP Adaptive Server Enterprise, version 162020-05-12
CVE-2020-6250 — Sensitive Information Exposure | cvebase