SQL Injection Vulnerability in SAP NetWeaver J2EE Engine
CVE-2015-7239

Currently unrated

Key Information:

Vendor: SAP
Status: Netweaver J2ee Engine
Vendor: CVE Published:; 18 September 2015

Summary

A SQL injection vulnerability exists in the BP_FIND_JOBS_WITH_PROGRAM function module of SAP NetWeaver J2EE Engine 7.40. This flaw enables remote attackers to execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the application's database. Attackers may exploit this vulnerability through various unspecified vectors, highlighting the importance of implementing robust security measures to defend against such attacks.

References

https://erpscan.io/advisories/erpscan-15-021-sap-netweave...

x_refsource_MISC

http://www.securityfocus.com/archive/1/537109/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2015/Dec/66

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Sep 18, 2015
Vulnerability Reserved
Sep 18, 2015