SAP BASIS Missing Authorization Check in Obsolete RFC Function Module Vulnerability

A vulnerability exists in SAP BASIS due to a missing authorization check in an outdated Remote Function Call (RFC) enabled function module. This flaw allows an authenticated low-privileged attacker to invoke an RFC, potentially accessing restricted system information. The vulnerability has a low impact on confidentiality, with no effect on the application's integrity or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted system information, with a low impact on confidentiality.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For guidance on how to access and apply SAP Security Notes, refer to the SAP Security Notes FAQs.