CVE-2020-6236

Published: Apr 14, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

Affected (2)

Products: Sap: Adaptive Extensions, Landscape Management

2 products

Adaptive Extensions

Landscape Management

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Adaptive Extensions	Version 1.0
Sap Landscape Management	Version 3.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

https://launchpad.support.sap.com/#/notes/2902456

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2902456

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.