Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis

SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful exploitation, an attacker can render the system unusable by triggering short dumps on login. This could cause a high impact on availability. Data confidentiality and integrity are not affected. No data can be read, changed or deleted.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

授权机制缺失

SAP Business Warehouse和SAP Plug-In Basis 安全漏洞

SAP Business Warehouse和SAP Plug-In Basis都是德国思爱普（SAP）公司的产品。SAP Business Warehouse是用于执行业务流程的关键组件，它允许用户设计、实施和管理业务流程，确保流程的合规性，并通过自动化减少手动操作的需要。SAP Plug-In Basis是一个插件。 SAP Business Warehouse和SAP Plug-In Basis存在安全漏洞，该漏洞源于已验证攻击者可向任意SAP数据库表和结构添加字段，可能导致系统不可用。

N/A

N/A