CVE-2020-6249
7.7HIGH
Key Information:
- Vendor
- SAP
- Status
- Vendor
- CVE Published:
- 12 May 2020
Summary
The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.
Affected Version(s)
SAP Master Data Governance (S4CORE) < 101
SAP Master Data Governance (S4FND) < 102 < 102
SAP Master Data Governance (S4FND) < 103 < 103
References
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved