CVE Vulnerability

CVE-2020-6317

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

2.7 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 5.1 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

3.5 /10

CVSS v3.0 : LOW

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/2953203 Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*
Information

Published : 2020-11-30 07:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-6317

Mitre link : CVE-2020-6317

Products Affected

Adaptive Server Enterprise

Sap

CWE
CWE-532

Insertion of Sensitive Information into Log File