Design/Logic Flaw

2022-12-1303:15:00

PRIOn knowledge base

www.prio-n.com

sap basis

rfc function module

logic flaw

integrity impact

system access

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.4%

JSON

Due to the unrestricted scope of the RFC function module, SAP BASIS - versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation the attacker can have full control of the system to which the class belongs, causing a high impact on the integrity of the application.

CPENameOperatorVersion
basiseq7.31
basiseq7.40
basiseq7.50
basiseq7.51
basiseq7.52
basiseq7.53
basiseq7.54
basiseq7.55
basiseq7.56
basiseq7.57

Name	Operator	Version
basis	eq	7.31
basis	eq	7.40
basis	eq	7.50
basis	eq	7.51
basis	eq	7.52
basis	eq	7.53
basis	eq	7.54
basis	eq	7.55
basis	eq	7.56
basis	eq	7.57

Rows per page:

1-10 of 131

References

launchpad.support.sap.com/

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html