SAP NetWeaver Application Server for ABAP Missing Authorization Check Vulnerability Allowing Unauthorized Access to Sensitive Data

Vulnerability

SAP NetWeaver Application Server for ABAP is missing an authorization check. An authenticated user with high privileges can exploit the resulting inadequate validation of user permissions to access sensitive database tables. Exploitation relies on overly permissive access configurations and allows unauthorized reading of critical data, significantly impacting the confidentiality of the stored information. The integrity and availability of the system remain unaffected.

Impact

Exploitation of this vulnerability could lead to unauthorized access and reading of sensitive data from critical database tables, causing a significant breach of confidentiality.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.

Added: Jul 8, 2025, 1:55 AM
Updated: Jul 8, 2025, 1:55 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 4.8
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.