On Wednesday, cybersecurity company Trustwave divulged the details of numerous flaws its researchers found in SAP Adaptive Server Enterprise (ASE).

Used by many organizations, especially financial institutions, SAP ASE is a relational database management system. SAP said that a large majority of the world’s leading 25 banks were using this product.

Experts at Trustwave examined SAP ASE and found as many as six flaws, most of which had a critical rating. The firm says the security holes can let unprivileged attackers gain complete control of the database and possibly even the underlying operating system.

The serious issues can allow an attacker with limited privileges to execute arbitrary code with higher permissions. Tracked as CVE-2020-6248 and CVE-2020-6252, the vulnerabilities are related to the Backup Server and Cockpit components.

In a blog post, the company revealed that a high-severity flaw related to the XP Server component also exists and can be abused for arbitrary code execution with LocalSystem privileges.

Trustwave reported its findings to SAP, which issued patches in late April for ASE 15.7 and 16.0. SAP referenced the vulnerabilities in the advisory it released for its May 2020 security updates.

“Organizations often store their most critical data in databases, which, in turn, are often necessarily exposed in untrusted or publicly exposed environments,” Trustwave said. “This makes vulnerabilities like these essential to address and test quickly since they not only threaten the data in the database but potentially the full host that it is running on.”
