Remote Execution Vulnerability Affects SAP ABA Versions 700-752
CVE-2024-22131

7.2HIGH

Key Information:

Vendor: SAP
Status: SAP Aba (application Basis)
Vendor: CVE Published:; 13 February 2024

Summary

A security vulnerability exists in SAP Application Basis (ABA) across multiple versions, where an attacker with remote execution authorization can exploit a susceptible interface. This vulnerability enables the attacker to invoke application functions and perform unauthorized actions, potentially allowing them to read or modify sensitive user and business data. Moreover, certain functions may lead to system unavailability, impacting overall business operations. Organizations running affected versions of SAP ABA should prioritize remediation to protect their data integrity and operational continuity.

Affected Version(s)

SAP ABA (Application Basis) 700

SAP ABA (Application Basis) 701

SAP ABA (Application Basis) 702

References

https://me.sap.com/notes/3420923

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Jan 5, 2024