Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
Under specific environmental conditions, the Internet Communication Framework (ICF) component in SAP NetWeaver AS for ABAP does not properly enforce access restrictions (CWE-732 – improper permissions configured for resources). An attacker with basic network access and minimal privileges can exploit this vulnerability to gain access to information and resources they should not have access to. The vulnerability does not require user interaction, and its scope extends beyond the original application context (Scope Changed).
An attacker can gain unauthorized access to protected data and functions of the SAP system, which may result in disclosure of sensitive business information, data modification, and disruption of application availability.
Apply patches available from the vendor according to references – SAP note no. 3550708 published as part of SAP Security Patch Day (https://url.sap/sapsecuritypatchday). Immediate implementation of the fix is recommended due to critical CVSS level 9.9.
SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) – SAP Basis; specific versions indicated in vendor references (SAP note 3550708)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HSap Basis
APPSap700701702731740750751752753754755756757758912+ 2 więcej
Related vulnerabilities
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privilege...
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC functio...
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote atta...
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated ...
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated admi...