Sap: >> Business Warehouse >> 710 Security Vulnerabilities
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-01-12
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
CVSS Score
9.9
EPSS Score
0.014
Published
2021-01-12