Code Injection Vulnerability in SAP Adaptive Server Enterprise Backup Server
CVE-2020-6248
9.1CRITICAL
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 12 May 2020
Summary
A vulnerability has been identified in SAP Adaptive Server Enterprise (Backup Server), version 16.0, where inadequate validation checks for authenticated users during the execution of DUMP or LOAD commands could potentially allow an attacker to execute arbitrary code. This flaw emphasizes the importance of ensuring robust input validation mechanisms to prevent unwanted code execution and protect sensitive data.
Affected Version(s)
SAP Adaptive Server Enterprise (Backup Server) < 16.0
References
CVSS V3.1
Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved