SAP NetWeaver AS ABAP Authorization Bypass Vulnerability in RFC Function Modules

Vulnerability

A vulnerability exists in SAP NetWeaver AS ABAP and ABAP Platform, where authorization checks are not properly enforced for certain Remote Function Call (RFC) function modules. This flaw allows an attacker with basic user privileges to manipulate data in the Informix database, potentially leading to a complete compromise of confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to and manipulation of data in the Informix database, causing a full compromise of confidentiality, integrity, and availability.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.2
impact: 7.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.