Описание
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Permissions RequiredVDB EntryVendor Advisory
- Vendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- ExploitMailing ListThird Party Advisory
- Permissions RequiredVDB EntryVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
9.1 Critical
CVSS3
9.1 Critical
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
Уязвимость программной платформы SAP S/4HANA и сервера контроля импорта DMIS Mobile Plug-In, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю выполнить произвольные SQL-запросы
EPSS
9.1 Critical
CVSS3
9.1 Critical
CVSS3
6.5 Medium
CVSS2