Description
The RFC-enabled function module allows a low-privileged user to delete the workplace favourites of any user. This vulnerability could be used to identify usernames and access information about the targeted user's workplaces and nodes. There is low impact on the integrity and availability of the application.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: Low
- Availability: Low
Affected products
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 700 – 700
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 701 – 701
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 702 – 702
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 731 – 731
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 740 – 740
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 750 – 750
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 751 – 751
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 752 – 752
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 753 – 753
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 754 – 754
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 755 – 755
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 756 – 756
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 757 – 757
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 758 – 758
- SAP_SE / SAP NetWeaver Application Server for ABAP and ABAP Platform 912 – 912