Cybersecurity firm Trustwave released on Wednesday details of several vulnerabilities its researchers found in SAP Adaptive Server Enterprise (ASE).
SAP ASE is a system of relational database management which is used by many major organizations, particularly in the financial sector. At one point, SAP said that a overwhelming majority of the world ‘s top 25 banks have used this drug.
Trustwave researchers analyzed SAP ASE and discovered six vulnerabilities in total, most of which were assigned a critical or high severity rating. The company says the security holes can enable unprivileged attackers to gain full control of the database and possibly even the operating system underlying it.
The critical issues may allow an attacker with limited privileges to execute arbitrary code with higher permissions on Windows systems — LocalSystem permissions. The flaws, tracked as CVE-2020-6248 and CVE-2020-6252, relate to components of the Backup Server and the Cockpit.
There’s also a high-severity flaw related to the XP Server component that can also be exploited with LocalSystem privileges for arbitrary code execution, Trustwave revealed in a blog post.
Two other vulnerabilities with high severity allow privilege escalation via SQL injection attacks. The last problem, classified medium severity, only affects Linux / UNIX systems and it has to do with the existence of cleartext passwords in installation logs. Combined with other vulnerabilities, this weakness can be dangerous, as it can result in SAP ASE becoming completely compromised.
Trustwave reported its findings to SAP which released patches for ASE 15.7 and 16.0 in late April. SAP mentioned the vulnerabilities for its May 2020 security updates in the advisory they released.
“Organizations often store their most critical data in databases, which are often necessarily exposed in environments that are untrusted or publicly exposed,” Trustwave said. “This makes vulnerabilities such as these essential to address and test quickly since they threaten not only the data in the database but potentially the full host it runs on.”
The latest round of security updates from SAP addressed 18 vulnerabilities that affect ABAP Application Server, Business Client, Business Objects, Enterprise Threat Detection, Master Data Governance, NetWeaver and Identity Management.
