Missing Authorization Check in SAP Software Module
CVE-2025-23187

5.3 MEDIUM

Key Information:

Vendor: SAP
CVE Published: 11 February 2025

Summary

A vulnerability exists within an RFC-enabled function module in transaction SDCCN, allowing unauthenticated attackers to generate technical meta-data. While this issue may lead to integrity concerns, it poses no threats to confidentiality or availability. SAP has recommended patching strategies, which can be found in their official notes and security patch day resources.

Affected Version(s)

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_700

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_710

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 740

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
