Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code Injection vulnerability in SAP S/4HANA (Private Cloud and On-Premise)
Vulnerability Description
SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SAP S/4HANA 代码注入漏洞
Vulnerability Description
SAP S/4HANA是德国思爱普(SAP)公司的一个基于 SAP HANA 内存数据库系统的的企业资源管理软件。 SAP S/4HANA存在代码注入漏洞,该漏洞源于攻击者可通过RFC暴露的函数模块注入任意ABAP代码或OS命令,绕过授权检查,可能导致系统完全被破解。
CVSS Information
N/A
Vulnerability Type
N/A