ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has been corrected in the following versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.74, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, 7.74, 8.04, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, 7.74, 7.75, 8.04.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| CWE ID | Type | Source |
|---|---|---|
| CWE-862 | Primary | nvd@nist.gov |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.securityfocus.com/bid/107377 | cna@sap.com | Third Party Advisory |
| https://launchpad.support.sap.com/#/notes/2727689 | cna@sap.com | Permissions Required Vendor Advisory |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 | cna@sap.com | Vendor Advisory |