Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master Data Layer (MDL))
Vulnerability Description
SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SAP S/4HANA Cloud Private 代码注入漏洞
Vulnerability Description
SAP S/4HANA Cloud Private是德国思爱普(SAP)公司的一个私有云部署的企业级智能ERP套件,基于内存计算架构。 SAP S/4HANA Cloud Private存在代码注入漏洞,该漏洞源于缺少输入验证和授权检查,可能导致替换任意ABAP程序。
CVSS Information
N/A
Vulnerability Type
N/A