SAP Master Data Governance versions S4CORE 101 Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) Vulnerability

Summary

SAP Master Data Governance versions S4CORE 101 suffers from an improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability.

Credit:

The information has been provided by Ahmad Halabi.

The original article can be found at: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


Details

The use of an admin backend report within SAP Master Data Governance, versions S4CORE 101, S4FND 102, 103, 104, and SAP_BS_FND 748, allows an attacker to execute crafted database queries, exposing the backend database and leading to SQL injection.

 

Vulnerable Systems:

SAP Master Data Governance versions S4CORE 101

SAP Master Data Governance versions S4FND 102

SAP Master Data Governance versions S4FND 103

SAP Master Data Governance versions S4FND 104

SAP Master Data Governance versions SAP_BS_FND 748

 

CVE Information:

CVE-2020-6249

 

Disclosure Timeline:
Published Date: 5/12/2020
