SAP Adaptive Server Enterprise Vulnerabilities Disclosed - Cybers Guards

Combined with another vulnerability, this weakness can be serious, as it can result in SAP ASE becoming fully compromised. There is also a high-severity flaw related to the XP Server component that can also be exploited for arbitrary code execution with LocalSystem privileges, Trustwave revealed in a blog post. The final issue, classified as medium severity, only affects Linux/UNIX systems and has to do with the existence of cleartext passwords in installation logs. Trustwave reported its findings to SAP, which released patches for ASE 15.7 and 16.0 in April. The latest round of security updates from SAP addresses 18 vulnerabilities that affect ABAP Application Server, Business Client, Business Objects, Enterprise Threat Detection, Master Data Governance, NetWeaver and Identity Management. "This makes vulnerabilities such as these essential to address and test quickly since they threaten not only the data in the database but potentially the full host it runs on." Two other high-severity vulnerabilities allow privilege escalation via SQL injection attacks. The company says the security holes can enable unprivileged attackers to gain full control of the database and possibly even the underlying operating system. At one point, SAP said that an overwhelming majority of the world's top 25 banks used this product. SAP ASE is a relational database management system used by many major organizations, particularly in the financial sector. "Organizations often store their most critical data in databases, which are often necessarily exposed in environments that are untrusted or publicly exposed," Trustwave said. SAP mentioned the vulnerabilities in the advisory it released for its May 2020 security updates.

The critical issue may allow an attacker with limited privileges to run arbitrary code with elevated permissions on Windows systems (LocalSystem privileges). The flaws, tracked as CVE-2020-6248 and CVE-2020-6252, affect the Backup Server and Cockpit components. Trustwave researchers analyzed SAP ASE and identified six vulnerabilities in total, most of which were assigned a critical or high severity rating.
