9 matches found
EUVD-2021-20378
Malware in sbrugna...
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL queries.
The vulnerability of the SAP S/4HANA software platform and the DMIS Mobile Plug-In import control server is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
Sql injection
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
CVE-2020-26808
SAP AS ABAPDMIS, versions - 20111620, 20111640, 20111700, 20111710, 20111730, 20111731, 20111752, 2020 and SAP S4 HANADMIS, versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the...
CVE-2020-26808
SAP AS ABAPDMIS, versions - 20111620, 20111640, 20111700, 20111710, 20111730, 20111731, 20111752, 2020 and SAP S4 HANADMIS, versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the...
CVE-2020-26808
CVE-2020-26808 affects SAP AS ABAP (DMIS) and SAP S/4HANA (DMIS) with listed 2011_1_620/640/700/710/730/731/752 and 2020-era S4HANA 101–105 versions. The issue allows an authenticated attacker to inject arbitrary code into a function module, leading to code execution within the application and im...