Description
An SQL Injection vulnerability in SAP Quality Management (corrected in S4CORE versions 1.0, 1.01, 1.02, 1.03) allows an attacker to carry out targeted database queries that can read individual fields of historical inspection results.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2816035
Scores
CVSS v3
4.3
EPSS
0.0027
EPSS Percentile
49.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (4)
sap/quality_management
1.0
sap/quality_management
1.01
sap/quality_management
1.02
sap/quality_management
1.03
Published
Nov 13, 2019
Tracked Since
Feb 18, 2026