SAP NetWeaver Authorization Bypass Vulnerability Allowing Unauthorized Access to ABAP Code

Vulnerability

An authorization bypass vulnerability has been identified in SAP NetWeaver, allowing attackers to access ABAP code that typically requires additional validation. Once authenticated in the ABAP system, an attacker can execute a specific transaction that reveals sensitive system code without proper authorization, thereby compromising confidentiality.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive ABAP code, bypassing standard authorization checks.

Remediation

Users are advised to consult the SAP Security Notes and implement the necessary patches. SAP Security Patch Day occurs on the second Tuesday of each month. For details on specific patch days, refer to the SAP Security Patch Day Bulletin Archive.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 3.8
remediation: 6.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.