Description
SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to this, some information could be modified, but the attacker does not have control over kind or degree. This leads to a low impact on integrity, while confidentiality and availability are not impacted.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- SAP_SE / SAP Landscape TransformationDMIS 2011_1_700 – DMIS 2011_1_700
- SAP_SE / SAP Landscape Transformation2011_1_710 – 2011_1_710
- SAP_SE / SAP Landscape Transformation2011_1_730 – 2011_1_730
- SAP_SE / SAP Landscape Transformation2011_1_731 – 2011_1_731
- SAP_SE / SAP Landscape Transformation2011_1_752 – 2011_1_752
- SAP_SE / SAP Landscape Transformation2020 – 2020
- SAP_SE / SAP Landscape TransformationS4CORE 102 – S4CORE 102
- SAP_SE / SAP Landscape Transformation103 – 103
- SAP_SE / SAP Landscape Transformation104 – 104
- SAP_SE / SAP Landscape Transformation105 – 105
- SAP_SE / SAP Landscape Transformation106 – 106
- SAP_SE / SAP Landscape Transformation107 – 107
- SAP_SE / SAP Landscape Transformation108 – 108
- SAP_SE / SAP Landscape Transformation109 – 109