CVE Vulnerability

CVE-2020-6236

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

6.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 Vendor Advisory
https://launchpad.support.sap.com/#/notes/2902456 Permissions Required Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:sap:landscape_management:3.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:adaptive_extensions:1.0:*:*:*:*:*:*:*
Information

Published : 2020-04-14 07:15

Updated : 2020-04-15 12:48

NVD link : CVE-2020-6236

Mitre link : CVE-2020-6236

Products Affected

Adaptive Extensions

Sap

CWE
CWE-269