SAP NetWeaver and ABAP Platform ABAP SQL Memory Address Handling Vulnerability Allowing SQL Injection

Vulnerability

A vulnerability exists in the ABAP SQL processing of SAP NetWeaver and the ABAP Platform (Application Server ABAP). This issue arises from improper management of memory addresses, which could enable an authenticated attacker with high privileges to execute specific SQL queries. Exploitation of this vulnerability could lead to unauthorized manipulation of content in the output variable. While the vulnerability has been assessed as having a low impact on the application's confidentiality, integrity, and availability, it still poses a risk that should be addressed.

Impact

Exploitation of this vulnerability could result in unauthorized manipulation of output variables, potentially leading to misleading or incorrect information being presented to users or systems.

Remediation

Users are advised to consult the SAP Security Notes and implement the recommended patches. This vulnerability will be addressed in the upcoming SAP Security Patch Day.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.6
exploitability: 3.8
remediation: 5.6
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.