SAP CRM and SAP S/4HANA SQL Injection Vulnerability Allowing Full Database Compromise

Vulnerability

A vulnerability exists in the Scripting Editor of SAP CRM and SAP S/4HANA, where an authenticated attacker can exploit a flaw in a generic function module call. Exploitation allows the execution of unauthorized critical functionality, including arbitrary SQL statements. The consequence is a full database compromise, significantly impacting confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to a full database compromise, with severe consequences for confidentiality, integrity, and availability.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security updates and patches. It is recommended to implement these security corrections as a priority.

Added: Feb 10, 2026, 8:20 AM
Updated: Feb 10, 2026, 8:20 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 0.0
relevance: 2.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.