CVE-2020-6317

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

Published: Nov 30, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-6317
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.5
AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.7
AV:A/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
sap / adaptive_server_enterprise	16.0	16.0.x
sap / adaptive_server_enterprise	15.7	15.7.x

https://launchpad.support.sap.com/#/notes/2953203
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

Vulnerability Database

290,273

CVE-2020-6317