Primary

Context

SAP NetWeaver Application Server ABAP Missing Authorization Check Vulnerability in Virus Scanner Interface

Vulnerability

A vulnerability allowing a missing authorization check has been identified in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. This issue enables an authenticated user with non-administrative privileges to initiate a transaction that accesses, but does not modify, non-sensitive data without additional authorization. The vulnerability does not impact system availability.

Impact

Exploitation of this vulnerability allows unauthorized access to non-sensitive data, with no effect on system availability.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

4.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

0.6

exploitability

4.9

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP NetWeaver Application Server ABAP Missing Authorization Check Vulnerability in Virus Scanner Interface

Vulnerability

Impact

Remediation

Affected Products

SAP NetWeaver Application Server ABAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating