SAP Business Warehouse Missing Authorization Check Vulnerability Allowing Unauthorized Actions

A vulnerability exists in SAP Business Warehouse's Service API due to a missing authorization check. This flaw allows authenticated attackers to perform unauthorized actions through an affected RFC function module. Exploitation of this vulnerability could lead to unauthorized changes in configuration and control, potentially disrupting request processing and causing a denial-of-service condition. While the vulnerability has a low impact on integrity, it significantly affects availability, with no impact on confidentiality.

Impact

Exploitation of this vulnerability could cause unauthorized configuration and control changes, disrupting request processing and leading to a denial-of-service condition.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, specifically on SAP Security Patch Day, which occurs on the second Tuesday of each month.