Description
SAP NetWeaver allows an attacker to bypass authorization checks, enabling them to view portions of ABAP code that would normally require additional validation. Once logged into the ABAP system, the attacker can run a specific transaction that exposes sensitive system code without proper authorization. This vulnerability compromises the confidentiality.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- SAP_SE / SAP NetWeaverSAP_ABA 700 – SAP_ABA 700
- SAP_SE / SAP NetWeaver701 – 701
- SAP_SE / SAP NetWeaver702 – 702
- SAP_SE / SAP NetWeaver731 – 731
- SAP_SE / SAP NetWeaver740 – 740
- SAP_SE / SAP NetWeaver750 – 750
- SAP_SE / SAP NetWeaver751 – 751
- SAP_SE / SAP NetWeaver752 – 752
- SAP_SE / SAP NetWeaver75C – 75C
- SAP_SE / SAP NetWeaver75D – 75D
- SAP_SE / SAP NetWeaver75E – 75E
- SAP_SE / SAP NetWeaver75F – 75F
- SAP_SE / SAP NetWeaver75G – 75G
- SAP_SE / SAP NetWeaver75H – 75H
- SAP_SE / SAP NetWeaver75I – 75I