code injection vulnerability in module editor, SAP security note 1688518

Description

In customizing of module editor, you can enter arbitrary ABAP coding. An attacker can therefore control the behavior of the system, or can potentially escalate privileges by executing malicious code, without having their own legitimate credentials.

Available fix and Supported packages

FSAPPL | 200 | 200
BANK-ALYZE | 42 | 42
BANK-ALYZE | 50 | 50
FSAPPL 200 | SAPKISC319 |
BANK-ALYZE 42 | SAPKIBAM16 |
BANK-ALYZE 50 | SAPKIBAL27 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact support@redrays.io for details.

URL

https://launchpad.support.sap.com/#/notes/1688518

Vahagn Vardanian

code injection vulnerability in module editor, SAP security note 1688518

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Backdoor
#injection
#run
#credentials
#module-editor

Explore More

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

Vahagn Vardanian

code injection vulnerability in module editor, SAP security note 1688518

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Backdoor#injection#run#credentials#module-editor

Explore More

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

Special offer for SAP Security Udemy course!

$ 9.99

#Backdoor
#injection
#run
#credentials
#module-editor