Primary

Context

SAP Missing Authorization Check Vulnerability in Remote-Enabled Function Module

Vulnerability

A vulnerability exists in certain SAP products due to a missing authorization check. This flaw allows an authenticated user with non-administrative privileges to invoke a remote-enabled function module. Exploitation of this vulnerability could lead to unauthorized access to restricted information, causing a low impact on confidentiality. The vulnerability does not affect integrity or availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, bypassing normal access controls.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For details on the next SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin.

Added: Jul 8, 2025, 1:33 AM

Updated: Jul 8, 2025, 1:33 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

8.3

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

3.3

remediation

8.3

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Missing Authorization Check Vulnerability in Remote-Enabled Function Module

Vulnerability

Impact

Remediation

Affected Products

SAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating