Information Disclosure Vulnerability in SAP Adaptive Server Enterprise 16.0
CVE-2020-6295

7HIGH

Key Information:

Vendor: SAP
Status: SAP Adaptive Server Enterprise
Vendor: CVE Published:; 12 August 2020

What is CVE-2020-6295?

SAP Adaptive Server Enterprise version 16.0 contains a vulnerability that could allow attackers to access sensitive and confidential information via publicly readable installation log files. Under specific conditions, an attacker could exploit this weakness to compromise the installed Cockpit. This compromise may enable unauthorized access to sensitive data, potentially allowing for its modification or unavailability, posing significant risks to data integrity and confidentiality.

Affected Version(s)

SAP Adaptive Server Enterprise < 16.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2941332

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2020
Vulnerability Reserved
Jan 8, 2020