Lucene search

[email protected]CVE-2015-3980

HistoryMay 12, 2015 - 8:59 p.m.

CVE-2015-3980

2015-05-1220:59:00

CWE-89

[email protected]

web.nvd.nist.gov

sap

crm

sql injection

vulnerability

cve-2015-3980

nvd

security

sap security note 2097534

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.6%

JSON

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

CPENameOperatorVersion
sap:customer_relationship_managementsap customer relationship managementeq-

CPE	Name	Operator	Version
sap:customer_relationship_management	sap customer relationship management	eq	-

References

www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/

www.securityfocus.com/bid/74624

www.securitytracker.com/id/1032309

9.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

48.6%

JSON

Related for CVE-2015-3980

prion1 cvelist1