CVE-2020-6252

EUVD-2020-27402
Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
9 CRITICAL
ADJACENT_NETWORK
LOW
LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
sapadaptive_server_enterprise_cockpit
16.0
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2917090
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://launchpad.support.sap.com/#/notes/2917090
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222