CVE-2020-6317

{"id": "CVE-2020-6317", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.7, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 2.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2020-11-30T19:15:12.537", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2953203", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2953203", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions - 15.7, 16.0."}, {"lang": "es", "value": "En determinadas situaciones, un atacante con credenciales de usuario normales y acceso local a una instalaci\u00f3n de cabina ASE puede acceder a informaci\u00f3n confidencial que se muestra en los archivos de registro de instalaci\u00f3n. Esta informaci\u00f3n, aunque confidencial, es de utilidad limitada y no se puede utilizar para acceder, modificar o hacer que no est\u00e9 disponible ninguna otra informaci\u00f3n en la cabina o el sistema. Esto afecta a SAP Adaptive Server Enterprise, versiones - 15.7, 16.0"}], "lastModified": "2024-11-21T05:35:29.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4E3F2F1-91CA-465B-831F-3493F41EFEFA"}, {"criteria": "cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E0D26B-8929-4A77-A6C1-240B4DADB9BD"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}