Description
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated, low-privileged user to perform background Remote Function Calls without the required S_RFC authorization in certain cases. This can result in a high impact on integrity and availability, and no impact on the confidentiality of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
High
Availability
High
Affected products
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP PlatformKRNL64NUC 7.22 – KRNL64NUC 7.22
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.22EXT – 7.22EXT
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP PlatformKRNL64UC 7.22 – KRNL64UC 7.22
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.53 – 7.53
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP PlatformKERNEL 7.22 – KERNEL 7.22
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.54 – 7.54
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.77 – 7.77
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.89 – 7.89
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform7.93 – 7.93
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform9.16 – 9.16
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform9.18 – 9.18
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP Platform9.19 – 9.19