Description
SAP ERP BW Business Content is vulnerable to OS Command Injection through certain function modules. These function modules, when executed with elevated privileges, improperly handle user input, allowing attacker to inject arbitrary OS commands. This vulnerability allows the execution of unintended commands on the underlying system, posing a significant security risk to the confidentiality, integrity and availability of the application.
References (2)
Core 2
Core References
Vendor Advisory
https://url.sap/sapsecuritypatchday
Vendor Advisory
https://me.sap.com/notes/3571093
Scores
CVSS v3
6.7
EPSS
0.0011
EPSS Percentile
28.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (4)
SAP_SE/SAP ERP BW Business Content
737
SAP_SE/SAP ERP BW Business Content
747
SAP_SE/SAP ERP BW Business Content
757
SAP_SE/SAP ERP BW Business Content
BI_CONT 707
Published
Apr 08, 2025
Tracked Since
Feb 18, 2026