Lucene search

SapCVELIST:CVE-2020-6317

HistoryNov 30, 2020 - 6:53 p.m.

CVE-2020-6317

2020-11-3018:53:12

sap

www.cve.org

attacker

user credentials

sensitive information

log files

ase cockpit

sap adaptive server enterprise

15.7

16.0

CVSS3

2.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

CNA Affected

[
  {
    "product": "SAP Adaptive Server Enterprise",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 15.7"
      },
      {
        "status": "affected",
        "version": "< 16.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2953203

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

CVSS3

2.6

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

3.8

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2020-6317