← Voltar para CVEs
CVE-2020-6248
HIGH7.2
Descricao
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado5/12/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
sap:adaptive_server_enterprise_backup_server
Fraquezas (CWE)
CWE-20CWE-94
Referencias
https://launchpad.support.sap.com/#/notes/2917275(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2917275(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.