RSS   Vulnerabilities for 'Business warehouse'   RSS

2021-01-12
 
CVE-2021-21468

CWE-862
 

 
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

 
 
CVE-2021-21466

CWE-94
 

 
SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service.

 
 
CVE-2021-21465

CWE-89
 

 
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.

 
2020-12-09
 
CVE-2020-26838

CWE-78
 

 
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

 

 >>> Vendor: SAP 332 Products
Router
Application server
Sap r 3 web application server demo
Saposcol
E-commerce
Crystal reports
Sap db
Sap r 3
Sapgui
Adaptive server enterprise
Internet transaction server
Mysap business suite
Maxdb
Sap web application server
Business connector
Sapdba
Download manager
Infrastructure
Internet graphics server
Inventory manager
Saplpd
Sapsprint
Rfc library
Sap basis component 640
Sap basis component 700
Netweaver nw04
Netweaver nw04s
Enjoysap
Internet communication manager
Sap message server
Business objects
Sql anywhere
Netweaver
Web dynpro
Sap gui
Tabone
Commerce
Gateway
Crystal reports server
Sap kernel
Business one 2005-a
Businessobjects
J2ee engine core
Server core
System landscape directory
Netweaver business client
Netweaver abap
GUI
Production planning and control
Healthcare industry solution
Erp cental component
Basis communication services
Erp central component
Network interface router
Netweaver logviewer
Netweaver development infrastructure
Customer relationship management
Emr unwired
Netweaver solution manager
Netweaver exchange infrastructure (bc-xi)
Bi universal data integration
Ccms / database monitor
J2ee engine
Guided procedures archive monitor
Mobile infrastructure
Adminadapter
Cm services
Cms services
Ccms agent
Solution manager
Enterprise portal
Software deployment manager
Enhancement package
HANA
Print and output management
Business object processing framework for abap
Netweaver software lifecycle manager
Netweaver abap application server
Profile maintenance
Background processing
Netweaver java application server
Project system
Brazil
Web services tool
Computing center management system monitoring
Transaction data pool
Capacity leveling
Open hub service
Oil industry solution traders and schedulers workbench
Upgrade tools
Supplier relationship management
Hana extend application services
Netweaver business warehouse
Fi manager self-service
Businessobjects xi
Businessobjects explorer
Commoncryptolib
Sapcrytolib
Sapseculib
Environment health and safety
See all Products for Vendor SAP


Copyright 2024, cxsecurity.com

 

Back to Top