CVE-2020-6250

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

12/05/2020

Last modified:

21/07/2021

Description

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.80 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

6.80

Severity 3.x

MEDIUM

Vector 2.0

AV:A/AC:L/Au:S/C:P/I:P/A:C CVSS v2.0 Severity and Metrics:

Base Score: 6.70 MEDIUM
Vector: AV:A/AC:L/Au:S/C:P/I:P/A:C

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Complete