In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
2018-11-13T20:29:00.560
2024-11-21T04:03:53.640
Modified
CVSSv3.0: 7.2 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | advanced_business_application_programming | ≤ 7.02 | Yes |
| Application | sap | advanced_business_application_programming | ≤ 7.11 | Yes |
| Application | sap | advanced_business_application_programming | 7.30 | Yes |
| Application | sap | advanced_business_application_programming | 7.31 | Yes |
| Application | sap | advanced_business_application_programming | 7.40 | Yes |
| Application | sap | advanced_business_application_programming | 7.50 | Yes |
| Application | sap | advanced_business_application_programming | 75c | Yes |
| Application | sap | advanced_business_application_programming | 75d | Yes |