CVE-2020-6230

High

9.1/10

Summary

SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Apr 14, 2020

CVE-2020-6230

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS