Описание
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*
cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*
EPSS
Процентиль: 68%
0.00574
Низкий
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
github
больше 3 лет назад
Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.
EPSS
Процентиль: 68%
0.00574
Низкий
7.2 High
CVSS3
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-89