SAP NetWeaver Remote-Enabled Function Module Information Disclosure Vulnerability

A vulnerability in SAP NetWeaver allows an authenticated non-administrative user to access non-sensitive information about the SAP system and operating system. This is achieved by calling a remote-enabled function module, without the need for specific knowledge or controlled conditions. The vulnerability has a low impact on confidentiality, with no effects on the integrity or availability of the application.

Impact

Exploitation of this vulnerability could lead to unauthorized access to non-sensitive system information, potentially aiding in further attacks or exploitation.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For details on the next SAP Security Patch Day, refer to the SAP Security Patch Day calendar.