Code Injection Vulnerability in SAP Adaptive Server Enterprise Backup Server
CVE-2020-6248

9.1CRITICAL

Key Information:

Vendor
SAP
Vendor
CVE Published:
12 May 2020

Summary

A vulnerability has been identified in SAP Adaptive Server Enterprise (Backup Server), version 16.0, where inadequate validation checks for authenticated users during the execution of DUMP or LOAD commands could potentially allow an attacker to execute arbitrary code. This flaw emphasizes the importance of ensuring robust input validation mechanisms to prevent unwanted code execution and protect sensitive data.

Affected Version(s)

SAP Adaptive Server Enterprise (Backup Server) < 16.0

References

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.