Authorization Flaw in SAP's SDCCN Transaction Affects SAP Solutions
CVE-2025-23189
4.3MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 February 2025
What is CVE-2025-23189?
An authenticated attacker can exploit an authorization check flaw in the RFC-enabled function module of SAP's SDCCN transaction. This vulnerability enables the attacker to generate technical meta-data, which can potentially lead to integrity issues. However, the attack does not impact confidentiality or availability, posing a limited risk to the overall system.
Affected Version(s)
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_700
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_710
SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 740