Описание
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Permissions Required
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9.9 Critical
CVSS3
9.9 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
EPSS
9.9 Critical
CVSS3
9.9 Critical
CVSS3
6.5 Medium
CVSS2