CVE-2020-6317 — Log File Information Exposure in SE SAP Adaptive Server Enterprise

CWE-532 — Log File Information Exposure CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

3.5LOWNVD

EPSS

0.1%

top 78.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Adaptive Server Enterprise SAP Adaptive Server Enterprise

Timeline

PublishedNov 30

Latest updateMay 24

Description

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_adaptive_server_enterprise< 15.7+1

▶NVDsap/adaptive15.7, 16.0+1

🔴Vulnerability Details

GHSA

GHSA-7x8g-hv53-vc47: In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information whic↗2022-05-24

▶

CVEList

CVE-2020-6317: In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information whic↗2020-11-30

▶