CVSS: 7.2EPSS: 0%CPEs: 11EXPL: 0CVE-2022-31594
https://notcve.org/view.php?id=CVE-2022-31594
14 Jun 2022 — A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. Un usuario con altos privilegios puede explotar el programa SUID-root para escalar sus privilegios a root en un sistema Unix local • https://launchpad.support.sap.com/#/notes/3155571 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22528
https://notcve.org/view.php?id=CVE-2022-22528
09 Feb 2022 — SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. La instalación de SAP Adaptive Server Enterprise (ASE) - versión 16.0, hace una entrada en la variable de entorno PATH del sistema en la plat... • https://launchpad.support.sap.com/#/notes/3140564 • CWE-427: Uncontrolled Search Path Element •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6317
https://notcve.org/view.php?id=CVE-2020-6317
30 Nov 2020 — In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0. En determinadas situaciones, un atacante con credenciales de usuario normales y ... • https://launchpad.support.sap.com/#/notes/2953203 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6295
https://notcve.org/view.php?id=CVE-2020-6295
12 Aug 2020 — Under certain conditions the SAP Adaptive Server Enterprise, version 16.0, allows an attacker to access encrypted sensitive and confidential information through publicly readable installation log files leading to a compromise of the installed Cockpit. This compromise could enable the attacker to view, modify and/or make unavailable any data associated with the Cockpit, leading to Information Disclosure. En determinadas condiciones, SAP Adaptive Server Enterprise, versión 16.0, permite a un atacante acceder ... • https://launchpad.support.sap.com/#/notes/2941332 • CWE-532: Insertion of Sensitive Information into Log File CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6241
https://notcve.org/view.php?id=CVE-2020-6241
12 May 2020 — SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. SAP Adaptive Server Enterprise, versión 16.0, permite a un usuario autenticado ejecutar consultas de base de datos diseñadas para escalar privilegios de usuarios en el sistema, conllevando a una Inyección SQL. • https://launchpad.support.sap.com/#/notes/2916927 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6259
https://notcve.org/view.php?id=CVE-2020-6259
12 May 2020 — Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. Bajo determinadas condiciones, SAP Adaptive Server Enterprise, versiones 15.7, 16.0, permite a un atacante acceder a información que de otra manera estaría restringida, conllevando a una Falta de Comprobación de Autorización. • https://launchpad.support.sap.com/#/notes/2920548 • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6253
https://notcve.org/view.php?id=CVE-2020-6253
12 May 2020 — Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. Bajo determinadas condiciones, SAP Adaptive Server Enterprise (Web Services), versiones 15.7, 16.0, permite a un usuario autenticado ejecutar consultas de base de datos diseñadas para elevar sus privilegios,... • https://launchpad.support.sap.com/#/notes/2917273 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6250
https://notcve.org/view.php?id=CVE-2020-6250
12 May 2020 — SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. SAP Adaptive Server Enterprise, versión 16.0, permite a un atacante autenticado explotar determinados endpoints mal configurados expuestos en la red adyacente, para leer la contraseñ... • https://launchpad.support.sap.com/#/notes/2917022 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6243
https://notcve.org/view.php?id=CVE-2020-6243
12 May 2020 — Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. Bajo determinadas condiciones, SAP Adaptive Server Enterprise (Servidor XP sobre Plataforma Windows), versiones 15.7, 16.0, no lleva a cabo las comprobaciones necesarias para un us... • https://launchpad.support.sap.com/#/notes/2915585 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0402
https://notcve.org/view.php?id=CVE-2019-0402
11 Dec 2019 — SAP Adaptive Server Enterprise, before versions 15.7 and 16.0, under certain conditions exposes some sensitive information to the admin, leading to Information Disclosure. SAP Adaptive Server Enterprise, versiones anteriores a 15.7 y 16.0, bajo determinadas condiciones expone cierta información confidencial al administrador, conllevando a una Divulgación de Información. • https://launchpad.support.sap.com/#/notes/2845780 •