CVE-2020-6253

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.

Published: May 12, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-6253
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
sap / adaptive_server_enterprise	16.0	16.0.x
sap / adaptive_server_enterprise	15.7	15.7.x

https://launchpad.support.sap.com/#/notes/2917273
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

Vulnerability Database

290,273

CVE-2020-6253