SAP NetWeaver AS ABAP SAP GUI for HTML Local Storage Data Exposure Vulnerability

Vulnerability

A vulnerability exists in applications using SAP GUI for HTML on SAP NetWeaver Application Server ABAP: user input is stored in the browser's local storage. This storage is accessible to attackers with administrative privileges or to those who can access the victim's user directory at the operating system level. Depending on the user input in transactions, the exposed data could range from non-critical to highly sensitive, significantly impacting the application's confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data, causing a significant breach of confidentiality within the application.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP for Me platform. This vulnerability will also be addressed in the next SAP Security Patch Day.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.