Missing Authorization Check Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2025-27437
4.3MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 8 April 2025
What is CVE-2025-27437?
A vulnerability in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP allows authenticated non-administrative users to initiate transactions that grant them access to non-sensitive data without proper authorization checks. This can lead to unauthorized data visibility, compromising the integrity of user access controls. Proper security measures and patches are crucial to mitigate this risk.
Affected Version(s)
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 700
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 701
SAP NetWeaver Application Server ABAP (Virus Scan Interface) SAP_BASIS 702