SAP Adaptive Server Enterprise, version 16.0 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

SAP Adaptive Server Enterprise version 16.0 suffers from improper neutralization of special elements used in an sql command (‘SQL Injection’) vulnerability

Credit:

The information has been provided by Ahmad Halabi

The original article can be found at:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


Details

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.

 

Vulnerable Systems:

SAP Adaptive Server Enterprise, version 16.0

 

CVE Information:

CVE-2020-6241

 

Disclosure Timeline:
Published Date:5/12/2020

Categories: FeaturedNews