CVE-2020-6249 SQL Injection vulnerability in SAP Master Data Governance (MDG), SAP security note 2908560
Description
The use of an admin backend report from within MDG allows an attacker to execute crafted database queries, exposing the backend database.
Some well-known impacts of a SQL injection vulnerability are:
- Read sensitive data
- Execute admin level operations on database
Available fix and Supported packages
- S4CORE | 101 | 101
- S4FND | 102 | 102
- S4FND | 103 | 103
- S4FND | 104 | 104
- SAP_BS_FND | 748 | 748
- | SAPK-S4CLOUD_2008 |
- S4CORE 101 | SAPK-10109INS4CORE |
- S4FND 103 | SAPK-10304INS4FND |
- S4FND 104 | SAPK-10402INS4FND |
- S4FND 102 | SAPK-10207INS4FND |
- SAP_BS_FND 748 | SAPK-74815INSAPBSFND |
Affected component
- CA-MDG-CMP (Consolidation & Mass Processing)
CVSS
Score: 7.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Exploit
Exploit is not available.
URL
https://launchpad.support.sap.com/#/notes/2908560