Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

By entering the ‘-TV’ user parameter with transaction SU01, SU3 or one of the BAPIs belonging to the USER BOR object into a user master record, the behavior of the transaction start authorization check is changed.
This represents a security problem.

Available fix and Supported packages

SAP_APPL | 45B | 45B
SAP_BASIS | 46B | 46D
SAP_BASIS | 610 | 620
SAP_APPL 45B | SAPKH45B59 |
SAP_BASIS 46C | SAPKB46C40 |
SAP_BASIS 46D | SAPKB46D29 |
SAP_BASIS 610 | SAPKB61028 |
SAP_BASIS 46B | SAPKB46B49 |
SAP_BASIS 620 | SAPKB62016 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/574214

Vahagn Vardanian

Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#

Explore More

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

Vahagn Vardanian

Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#

Explore More

[CVE-2025-31324] Critical SAP NetWeaver Vulnerability Fixed: Actively Exploited in the Wild

Securing Your SAP Migration: Integrating RedRays ABAP Security Scanner into DevSecOps Workflows

RedRays ABAP Security Scanner – Transforming SAP Security Through Advanced Code Analysis

SAP Security Patch Day – April 2025

Special offer for SAP Security Udemy course!

$ 9.99