Missing Authorization Check Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2025-27437
4.3 MEDIUM
Key Information:
- Vendor: SAP
- CVE Published: 8 April 2025
Summary
A vulnerability in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP allows authenticated non-administrative users to initiate transactions that grant them access to non-sensitive data without proper authorization checks. This can lead to unauthorized data visibility, compromising the integrity of user access controls. Proper security measures and patches are crucial to mitigate this risk.
Affected Version(s)
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 700
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 701
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 702
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved