CVE-2020-6252

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
sapadaptive_server_enterprise_cockpit
16.0
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2917090
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://launchpad.support.sap.com/#/notes/2917090
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222