Skip links

SQL Injection Vulnerability in Revenue Accounting, SAP security note 2462813

Description

Revenue Accounting allows an attacker to execute crafted database queries, exposing the backend database.

Some well-known impacts of SQL Injection vulnerability are –

  • read sensitive data , modify or delete data from database
  • execute admin level operations on database

Available fix and Supported packages

  • REVREC | 120 | 120
  • REVREC | 130 | 130
  • REVREC 120 | SAPK-12004INREVREC |
  • REVREC 130 | SAPK-13002INREVREC |

Affected component

    FI-RA
    Revenue Accounting

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2462813

TAGS

#FARR
#Revenue-Accounting
#Injection-attack
#blind-SQL-injection
#database-vulnerabilities