CVE-2020-6248
HIGH
SAP Adaptive Server Enterprise Backup Server 16.0 - Authenticated Code Injection via DUMP or LOAD Command
Title source: llmDescription
SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing a DUMP or LOAD command, allowing arbitrary code execution or code injection.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2917275
Scores
CVSS v3
7.2
EPSS
0.0144
EPSS Percentile
81.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
CWE-20
Status
published
Products (1)
sap/adaptive_server_enterprise_backup_server
16.0
Published
May 12, 2020
Tracked Since
Feb 18, 2026