Potential disclosure of persisted data in SCM Resource Mastr, SAP security note 1504059

Description

A malicious user could theoretically exploit SCM Resource Master Data and use specially crafted inputs to modify database commands, resulting in the retrieval of additional information persisted by the system.

Available fix and Supported packages

SCM_BASIS | 510 | 510
SCM_BASIS | 700 | 700
SCM_BASIS | 701 | 701
SCM_BASIS 701 | SAPK-70102INSCMBASIS |
SCM_BASIS 510 | SAPK-51018INSCMBASIS |
SCM_BASIS 700 | SAPK-70009INSCMBASIS |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1504059

Arpine Maghakyan

Potential disclosure of persisted data in SCM Resource Mastr, SAP security note 1504059

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injection
#database
#Supply-Chain-Management-Resource-Master

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

Arpine Maghakyan

Potential disclosure of persisted data in SCM Resource Mastr, SAP security note 1504059

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injection#database#Supply-Chain-Management-Resource-Master

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

#SQL-injection
#database
#Supply-Chain-Management-Resource-Master