EUVD-2025-20330CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4Description
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
Analysis
Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
Technical Context
This vulnerability is classified as Missing Authorization (CWE-862).
Affected Products
Affected products: Sap Sap Basis 700
Remediation
A vendor patch is available. Apply it as soon as possible and verify the fix.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today