Description
SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected products
- SAP_SE / SAP Landscape TransformationDMIS 2011_1_700 – DMIS 2011_1_700
- SAP_SE / SAP Landscape Transformation2011_1_710 – 2011_1_710
- SAP_SE / SAP Landscape Transformation2011_1_730 – 2011_1_730
- SAP_SE / SAP Landscape Transformation2011_1_731 – 2011_1_731
- SAP_SE / SAP Landscape Transformation2018_1_752 – 2018_1_752
- SAP_SE / SAP Landscape Transformation2020 – 2020
References
Updated 32m ago · 2 sources