CVE-2020-6253

CWE-89 — SQL Injection3 documents3 sources

Severity

7.2HIGH

EPSS

0.6%

top 31.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Adaptive Server Enterprise (web Services)SAP Adaptive Server Enterprise

Timeline

PublishedMay 12

Latest updateMay 24

Description

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_adaptive_server_enterprise_(web_services)< 15.7+1

▶NVDsap/adaptive15.7, 16.0+1

🔴Vulnerability Details

GHSA

GHSA-r93v-r2h3-5m93: Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15↗2022-05-24

▶

CVEList

CVE-2020-6253: Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15↗2020-05-12

▶