VYPR
Unrated severityNVD Advisory· Published May 12, 2020· Updated Aug 4, 2024

CVE-2020-6249

CVE-2020-6249

Description

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

Affected products

4
  • Range: S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748
  • SAP SE/SAP Master Data Governance (S4CORE)v5
    Range: < 101
  • SAP SE/SAP Master Data Governance (S4FND)v5
    Range: < 102
  • SAP SE/SAP Master Data Governance (SAP_BS_FND)v5
    Range: < 748

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.