SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:HSap Netweaver Application Server Abap
APPSap2011_1_6202011_1_6402011_1_7002011_1_7102011_1_7302011_1_7312011_1_7522020Sap S\/4 Hana
APPSap101102103104105
Powiązane podatności
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Serve...
SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL
SAP S/4HANA: injection kodu ABAP/poleceń OS przez RFC z uprawnieniami admina
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...
An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO ...