The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
sap business warehouse 731 |
||
sap business warehouse 740 |
||
sap business warehouse 750 |
||
sap business warehouse 751 |
||
sap business warehouse 752 |
||
sap business warehouse 753 |
||
sap business warehouse 754 |
||
sap business warehouse 755 |
||
sap business warehouse 782 |
||
sap business warehouse 730 |
||
sap business warehouse 710 |
||
sap business warehouse 711 |
That aside, enjoy the light load of 56 vulns in Windows and other code Rubbish software security patches responsible for a quarter of zero-days last year
Patch Tuesday For its February Patch Day, Microsoft released security advisories covering 56 CVE-assigned vulnerabilities, 11 of them rated critical. In doing so, the Windows giant managed to publish a misspelled URL on the landing page for its February updates that instead of taking visitors to the intended Microsoft Security Response Center post about API changes, pointed to msrc-blog.microosft.com, which turns out to be a typo-bait domain. It redirects visitors to a findanswersnow.net search ...
Vulmon