Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated malicious user to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap netweaver as abap kernel_7.49 |
||
sap netweaver as abap kernel_7.77 |
||
sap netweaver as abap kernel_7.81 |
||
sap netweaver as abap krnl64uc 7.49 |
||
sap netweaver as abap krnl64nuc 7.49 |
||
sap router 7.22 |
||
sap router 7.53 |
||
sap netweaver as abap kernel_7.85 |
||
sap netweaver as abap kernel_7.86 |
||
sap netweaver as abap kernel_7.87 |
||
sap netweaver as abap kernel_7.88 |