CVE-2020-6249 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-6249 PUBLISHED CVSS 7.699999809265137 HIGH

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

EPSS 0.40% · 60.5th percentile

Risk Scores

CVSS v3.0

7.699999809265137

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.40%

60.5th percentile

Affected Products

Vendor	Product	Versions
SAP SE	SAP Master Data Governance (S4FND)	< 104, < 102, < 103
sap	master_data_governance_\(s4fnd\)	104, 102, 103
SAP SE	SAP Master Data Governance (S4CORE)	< 101
SAP SE	SAP Master Data Governance (SAP_BS_FND)	< 748
sap	master_data_governance_\(s4core\)	101
sap	master_data_governance_\(sap_bs_fnd\)	748

Timeline

May 12, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

Open in Interactive Console →