DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HSap Dmis
APPSap2011_1_6202011_1_6402011_1_7002011_1_7102011_1_7302011_1_7312011_1_7522020125710Sap S4core
APPSap102103104105Sap Sapscore
APPSap125
Related vulnerabilities
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated...
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...