VDB

CVE-2020-6249

CVE-2020-6249 PUBLISHED CVSS 7.699999809265137 HIGH

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

EPSS 0.40% · 61.1th percentile

Risk Scores

CVSS 3.0
7.699999809265137
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score
0.40%
61.1th percentile

Affected Products

VendorProductVersions
SAP SESAP Master Data Governance (S4FND)*, < 103, < 104
sapmaster_data_governance_\(s4fnd\)103, 104, 102
SAP SESAP Master Data Governance (S4CORE)< 101
SAP SESAP Master Data Governance (SAP_BS_FND)*
sapmaster_data_governance_\(s4core\)101
sapmaster_data_governance_\(sap_bs_fnd\)748

Exploit Intelligence

Timeline

  • May 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›