Description
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform.
Related CPE's
a
sap
netweaver_application_server_abap
13
References
ExploitThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2022/May/42
ExploitMailing ListThird Party Advisory
https://launchpad.support.sap.com/#/notes/3002517
Permissions RequiredVendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-06-09T14:15:07.977
4 years agoLast modified
2022-10-05T14:16:09.207
2 years ago