Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT function modules listed in Solution Section to execute manipulated query or inject ABAP code to gain access to Backend Database. On successful exploitation the threat actor could completely compromise confidentiality, integrity, and availability of the system.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSap Landscape Transformation
APPSap2.0Sap Landscape Transformation Replication Server
APPSap1.02.03.0Sap S\/4hana
APPSap1511161017091809190920202021Sap Test Data Migration Server
APPSap4.0
Related vulnerabilities
SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), a...
During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messa...