CVE-2020-6295

CWE-532 — Log File Information Exposure CWE-732 — Incorrect Permission Assignment CWE-200 — Information Exposure3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 84.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Adaptive Server Enterprise SAP Adaptive Server Enterprise

Timeline

PublishedAug 12

Latest updateMay 24

Description

Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_adaptive_server_enterprise< 16.0

▶NVDsap/adaptive16.0

🔴Vulnerability Details

GHSA

GHSA-8h49-4jw2-8wq6: Under certain conditions the SAP Adaptive Server Enterprise, version 16↗2022-05-24

▶

CVEList

CVE-2020-6295: Under certain conditions the SAP Adaptive Server Enterprise, version 16↗2020-08-12

▶