{"api_version":"1","generated_at":"2026-04-22T23:30:44+00:00","cve":"CVE-2020-6253","urls":{"html":"https://cve.report/CVE-2020-6253","api":"https://cve.report/api/cve/CVE-2020-6253.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-6253","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-6253"},"summary":{"title":"CVE-2020-6253","description":"Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.","state":"PUBLIC","assigner":"cna@sap.com","published_at":"2020-05-12 18:15:00","updated_at":"2020-05-15 15:37:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://launchpad.support.sap.com/#/notes/2917273","name":"https://launchpad.support.sap.com/#/notes/2917273","refsource":"MISC","tags":["Permissions Required"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222","refsource":"MISC","tags":["Vendor Advisory"],"title":"SAP Security Patch Day – May 2020 - Product Security Response at SAP - Community Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-6253","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6253","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"6253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"adaptive_server_enterprise","cpe6":"15.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6253","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"adaptive_server_enterprise","cpe6":"16.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"adaptive_server_enterprise","cpe6":"15.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"6253","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"adaptive_server_enterprise","cpe6":"16.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-6253","ASSIGNER":"cna@sap.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"SAP SE","product":{"product_data":[{"product_name":"SAP Adaptive Server Enterprise (Web Services)","version":{"version_data":[{"version_name":"<","version_value":"15.7"},{"version_name":"<","version_value":"16.0"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection."}]},"impact":{"cvss":{"baseScore":"7.2","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"SQL Injection"}]}]},"references":{"reference_data":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222","refsource":"MISC","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"},{"url":"https://launchpad.support.sap.com/#/notes/2917273","refsource":"MISC","name":"https://launchpad.support.sap.com/#/notes/2917273"}]}},"nvd":{"publishedDate":"2020-05-12 18:15:00","lastModifiedDate":"2020-05-15 15:37:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:adaptive_server_enterprise:16.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:adaptive_server_enterprise:15.7:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"6253","Ordinal":"166506","Title":"CVE-2020-6253","CVE":"CVE-2020-6253","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"6253","Ordinal":"1","NoteData":"Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"6253","Ordinal":"2","NoteData":"2020-05-12","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"6253","Ordinal":"3","NoteData":"2020-05-12","Type":"Other","Title":"Modified"}]}}}