CVE-2020-6317

low-risk
Published 2020-11-30

In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
ADJACENT_NETWORK / LOW complexity

Affected Products (2)

Adaptive Server Enterprise
Adaptive Server Enterprise

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2953203
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
Permissions Required https://launchpad.support.sap.com/#/notes/2953203
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
20
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 7/34 · Low