CVE-2020-6249

Name of the Vulnerable Software and Affected Versions SAP Master Data Governance versions S4CORE 101, S4FND 102, 103, 104, SAP BS FND 748

Description The issue allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. This occurs through the use of an admin backend report within SAP Master Data Governance.

Recommendations For versions S4CORE 101, S4FND 102, 103, 104, SAP BS FND 748, consider restricting access to the admin backend report to minimize the risk of exploitation. As a temporary workaround, avoid using the admin backend report until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.