SQL Injection Vulnerability in SAP NetWeaver Business Warehouse
CVE-2014-8663

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver Business Warehouse
Vendor: CVE Published:; 6 November 2014

Summary

An SQL injection vulnerability exists within the Data Basis component of SAP NetWeaver Business Warehouse, exposing it to remote attackers who could potentially execute arbitrary SQL commands. This vulnerability arises from the inadequacy of input validation, which can be exploited through various unspecified vectors, leading to unauthorized access and manipulation of the database. Organizations using this product should assess their current security measures and consider implementing necessary patches or security updates provided by SAP.

References

http://service.sap.com/sap/support/notes/0001965819

x_refsource_MISC

http://blog.onapsis.com/analyzing-sap-security-notes-octo...

x_refsource_MISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 6, 2014