SAP NetWeaver Application Server for ABAP Missing Authorization Check Vulnerability Allowing Unauthorized Database Modifications

A vulnerability exists in SAP NetWeaver Application Server for ABAP due to a missing authorization check. This flaw allows authenticated attackers to execute specific ABAP function modules that can read, modify, or insert entries into the database configuration table of the ABAP system. Such unauthorized changes could degrade system performance or cause disruptions. While the vulnerability has a low impact on the application's integrity and availability, it does not affect confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications in the database configuration table, potentially causing reduced system performance or interruptions.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. Security fixes for SAP NetWeaver based products are delivered with support packages. For information on the latest SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin.