CVE-2020-6250 MEDIUM

CVE-2020-6250

Vendor Sap Se
Product SAP Adaptive Server Enterprise
Published May 12, 2020
Last update August 4, 2024

CVSS base score

6.8/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.

Key dates

02Disclosure timeline

May 12, 2020 CVE published
August 4, 2024 Record updated