In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
[
{
"product": "SAP_ABA",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "= 7.00 to 7.02"
},
{
"status": "affected",
"version": "= 7.10 to 7.11"
},
{
"status": "affected",
"version": "= 7.30"
},
{
"status": "affected",
"version": "= 7.31"
},
{
"status": "affected",
"version": "= 7.40"
},
{
"status": "affected",
"version": "= 7.50"
},
{
"status": "affected",
"version": "= 7.5C"
},
{
"status": "affected",
"version": "= 7.5D"
}
]
}
]