Description
ABAP Server File Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Some well-known impacts of Missing Authorization check are –
- abuse functionality restricted to a particular user group
- read, modify or delete restricted data
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KERNEL | 7.21 | 7.22
- KERNEL | 7.45 | 7.45
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.71 | 7.71
- KERNEL | 7.72 | 7.72
- SAP KERNEL 7.21 32-BIT | SP1111 | 001111
- SAP KERNEL 7.21 32-BIT UNICODE | SP1111 | 001111
- SAP KERNEL 7.21 64-BIT | SP1111 | 001111
- SAP KERNEL 7.21 64-BIT UNICODE | SP1111 | 001111
- SAP KERNEL 7.21 EXT 64-BIT | SP1111 | 001111
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1111 | 001111
- SAP KERNEL 7.22 64-BIT | SP623 | 000623
- SAP KERNEL 7.22 64-BIT UNICODE | SP623 | 000623
- SAP KERNEL 7.22 EXT 64-BIT | SP623 | 000623
- SAP KERNEL 7.22 EXT 64-BIT UC | SP623 | 000623
- SAP KERNEL 7.45 64-BIT | SP811 | 000811
- SAP KERNEL 7.45 64-BIT UNICODE | SP811 | 000811
- SAP KERNEL 7.49 64-BIT | SP519 | 000519
- SAP KERNEL 7.49 64-BIT UNICODE | SP519 | 000519
- SAP KERNEL 7.53 64-BIT | SP214 | 000214
- SAP KERNEL 7.53 64-BIT UNICODE | SP214 | 000214
- SAP KERNEL 7.71 64-BIT UNICODE | SP031 | 000031
- SAP KERNEL 7.72 64-BIT UNICODE | SP020 | 000020
Affected component
- BC-ABA-LA
Syntax, Compiler, Runtime
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2643371
