CVE-2020-6249

Summary

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Master Data Governance (S4CORE)< 101affected
SAP SESAP Master Data Governance (S4FND)< 102affected
SAP SESAP Master Data Governance (S4FND)< 103affected
SAP SESAP Master Data Governance (S4FND)< 104affected
SAP SESAP Master Data Governance (SAP_BS_FND)< 748affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References