Unrated severityNVD Advisory· Published Apr 14, 2020· Updated Aug 4, 2024

CVE-2020-6236

Description

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

Affected products

SAP/SAP Adaptive Extensionsllm-create
Range: = 1.0
SAP/Landscape Managementllm-fuzzy
Range: = 3.0
SAP SE/SAP Adaptive Extensionsv5
Range: < 1.0
SAP SE/SAP Landscape Managementv5
Range: < 3.0

Patches

Vulnerability mechanics

References

launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000