CVE-2015-3980

SAP Customer Relationship Management - SQL Injection in Business Rules Framework

Title source: llm

Description

SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.

References (3)

Core 3

Core References

Various Sources x_refsource_misc

http://www.onapsis.com/blog/analyzing-sap-security-notes-april-2015-edition/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74624

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1032309

Scores

EPSS 0.0023

EPSS Percentile 45.4%

Details

CWE

CWE-89

Status published

Products (1)

sap/customer_relationship_management

Published May 12, 2015

Tracked Since Feb 18, 2026