Authorization Flaw in SAP's SDCCN Transaction Affects SAP Solutions
CVE-2025-23189

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver And Abap Platform (sdccn)
Vendor: CVE Published:; 11 February 2025

What is CVE-2025-23189?

An authenticated attacker can exploit an authorization check flaw in the RFC-enabled function module of SAP's SDCCN transaction. This vulnerability enables the attacker to generate technical meta-data, which can potentially lead to integrity issues. However, the attack does not impact confidentiality or availability, posing a limited risk to the overall system.

Affected Version(s)

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_700

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 2008_1_710

SAP NetWeaver and ABAP Platform (SDCCN) ST-PI 740

References

https://me.sap.com/notes/3546470

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 13, 2025