Description
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2835979
Scores
CVSS v3
8.8
EPSS
0.0079
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (6)
sap/application_server
740
sap/application_server
2008_1_46c
sap/application_server
2008_1_620
sap/application_server
2008_1_640
sap/application_server
2008_1_700
sap/application_server
2008_1_710
Published
May 12, 2020
Tracked Since
Feb 18, 2026