10 matches found
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
CVE-2021-21468
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
Sql injection
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
CVE-2021-21465
CVE-2021-21465 affects SAP BW Database Interface. The vulnerability arises from improper sanitization of untrusted data, allowing an attacker with low privileges to craft SQL queries that the backend database will execute, potentially fully compromising the SAP system. Connected sources corrobora...
CVE-2021-21465
The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection...
CVE-2021-21468
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table...
CVE-2021-21468
CVE-2021-21468 affects the BW Database Interface in SAP BW, where missing authorization for an authenticated user allows privilege escalation to read arbitrary database tables. Documented impact: unauthorized data access via read of any table; no explicit exploit details provided here. Public ref...
PT-2021-14536 · Unknown · Bw Database Interface
Name of the Vulnerable Software and Affected Versions: BW Database Interface affected versions not specified Description: The issue is related to the BW Database Interface not performing necessary authorization checks for an authenticated user. This results in an escalation of privileges, allowin...