Description
SAP Kernel (ABAP Debugger) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Some well-known impacts of Missing Authorization check are –
- abuse functionality restricted to a particular user group
- read, modify or delete restricted data
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KRNL64UC | 7.73 | 7.73
- KERNEL | 7.21 | 7.22
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.73 | 7.73
- SAP KERNEL 7.21 32-BIT | SP1300 | 001300
- SAP KERNEL 7.21 32-BIT UNICODE | SP1300 | 001300
- SAP KERNEL 7.21 64-BIT | SP1300 | 001300
- SAP KERNEL 7.21 64-BIT UNICODE | SP1300 | 001300
- SAP KERNEL 7.21 EXT 64-BIT | SP1300 | 001300
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1300 | 001300
- SAP KERNEL 7.22 64-BIT | SP816 | 000816
- SAP KERNEL 7.22 64-BIT UNICODE | SP816 | 000816
- SAP KERNEL 7.22 EXT 64-BIT | SP816 | 000816
- SAP KERNEL 7.22 EXT 64-BIT UC | SP816 | 000816
- SAP KERNEL 7.49 64-BIT | SP716 | 000716
- SAP KERNEL 7.49 64-BIT UNICODE | SP716 | 000716
- SAP KERNEL 7.53 64-BIT | SP424 | 000424
- SAP KERNEL 7.53 64-BIT UNICODE | SP424 | 000424
- SAP KERNEL 7.73 64-BIT UNICODE | SP210 | 000210
- SAP KERNEL 7.75 64-BIT UNICODE | SP031 | 000031
- SAP KERNEL 7.76 64-BIT UNICODE | SP018 | 000018
- SAP KERNEL 7.77 64-BIT UNICODE | SP009 | 000009
Affected component
- BC-SEC-AUT
Authorization
CVSS
Score: 7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2798743
