SQL Injection Vulnerability in SAP CRM Business Rules Framework
CVE-2015-3980

Currently unrated

Key Information:

Vendor: SAP
Status: Customer Relationship Management
Vendor: CVE Published:; 12 May 2015

Summary

A SQL injection vulnerability exists within the Business Rules Framework of SAP CRM, which could allow attackers to conduct arbitrary SQL command executions through unspecified vectors. This flaw poses significant risks to the integrity of the database and sensitive information within the affected SAP applications, highlighting the importance of immediate attention and remediation as detailed in SAP Security Note 2097534.

References

http://www.onapsis.com/blog/analyzing-sap-security-notes-...

x_refsource_MISC

http://www.securityfocus.com/bid/74624

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032309

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
May 12, 2015