SAP Application Server ABAP and ABAP Platform Missing Authorization Check Vulnerability Allowing Data Manipulation via RFC Functions

A vulnerability has been identified in SAP Application Server ABAP and ABAP Platform, where a missing authorization check allows authenticated attackers to misuse Remote Function Call (RFC) functions to execute form routines (FORMs) within the ABAP system. Exploitation of this vulnerability could enable attackers to write or modify data accessible through FORMs and invoke system functionalities exposed via FORMs. This issue arises from a lack of proper authorization verification, potentially leading to significant integrity and availability impacts, while leaving confidentiality unaffected.

Impact

Exploitation of this vulnerability could result in unauthorized data modification or corruption, allowing attackers to manipulate information accessed through FORMs. Additionally, the vulnerability could disrupt system functionalities linked to the exploited FORMs, causing availability issues.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches or updates. SAP Security Notes can be accessed through the SAP for Me platform, specifically in the 'All Security Notes' section. It is recommended to prioritize the implementation of these security corrections.