SB2025021260 - Multiple vulnerabilities in SAP NetWeaver AS ABAP
Published: February 12, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper access control (CVE-ID: CVE-2025-23190)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain access to sensitive information.
2) Improper access control (CVE-ID: CVE-2025-24872)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in ABAP Build Framework. A remote user can bypass implemented security restrictions and gain access to sensitive information.
3) Information disclosure (CVE-ID: CVE-2025-23193)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the server. A remote attacker can gain unauthorized access to sensitive information on the system.
4) Missing authorization (CVE-ID: CVE-2025-23189)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to missing authorization checks in an RFC enabled function module in transaction SDCCN. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
5) Missing authorization (CVE-ID: CVE-2025-23187)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to missing authorization checks in an RFC enabled function module in transaction SDCCN. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install update from vendor's website.