SAP NetWeaver Application Server for ABAP Missing Authorization Check Vulnerability Allowing Unauthorized Access to Database Analyzer Log Files

Vulnerability

A vulnerability exists in SAP NetWeaver Application Server for ABAP due to a missing authorization check. This flaw allows an authenticated attacker with user privileges to access Database Analyzer Log Files through a specific RFC function module. While the attacker could potentially escalate privileges and access sensitive data, the impact on information confidentiality is limited. The vulnerability does not affect system integrity or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive log files, with a potential for privilege escalation.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying the necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, specifically under SAP Security Patch Day.

Added: Mar 10, 2026, 6:18 PM
Updated: Mar 10, 2026, 6:18 PM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.