Primary

Context

SAP Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in certain SAP products due to a lack of proper authorization checks. This flaw enables an authenticated attacker to invoke a remote-enabled function module, potentially accessing data that should be restricted. However, the attacker cannot alter data or affect system availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data.

Remediation

Users are advised to review and implement the latest SAP Security Notes. These security patches are available through the SAP Security Patch Day, which occurs on the second Tuesday of each month. For more information, consult the SAP Security Notes FAQs.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

6.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

6.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

SAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating