Due to a programming error in a function module and report, the IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated malicious user to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Vulnerable Product |
---|
sap netweaver 600 |
sap netweaver 602 |
sap netweaver 603 |
sap netweaver 604 |
sap netweaver 605 |
sap netweaver 606 |
sap netweaver 617 |
sap netweaver 618 |
sap netweaver 800 |
sap netweaver 802 |
sap netweaver 803 |
sap netweaver 804 |
sap netweaver 805 |
sap netweaver 806 |
sap netweaver 807 |