Release date:
Updated on: 2013-09-06
Affected Systems:
SAP NetWeaver 7.30
Description:
--------------------------------------------------------------------------------
Bugtraq id: 62147
SAP NetWeaver is SAP's integrated technology platform and has been the technical foundation of all SAP applications since SAP Business Suite.
SAP NetWeaver 7.30 does not properly filter certain input passed to the "ABAD0_DELETE_DERIVATION_TABLE" function before that input is used in SQL queries. Remote attackers can exploit this vulnerability to manipulate SQL queries by injecting arbitrary SQL code.
<* Source: Nikolay Mescherin
Link: http://www.securelist.com/en/advisories/54702
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
SAP
---
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.sap.com/platform/netweaver/index.epx
https://service.sap.com/sap/support/notes/1840249