Description
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- SAP_SE / SAP NetWeaver AS ABAP and ABAP PlatformKRNL64NUC 7.22 – KRNL64NUC 7.22
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.22EXT – 7.22EXT
- SAP_SE / SAP NetWeaver AS ABAP and ABAP PlatformKRNL64UC 7.22 – KRNL64UC 7.22
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform722EXT – 722EXT
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.53 – 7.53
- SAP_SE / SAP NetWeaver AS ABAP and ABAP PlatformKERNEL 7.22 – KERNEL 7.22
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.54 – 7.54
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.77 – 7.77
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.89 – 7.89
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform7.93 – 7.93
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform9.16 – 9.16
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform9.18 – 9.18
- SAP_SE / SAP NetWeaver AS ABAP and ABAP Platform91.9 – 91.9