Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

指向未可信站点的URL重定向(开放重定向)

SAP S/4HANA和SAP NetWeaver Application Server ABAP 输入验证错误漏洞

SAP S/4HANA和SAP NetWeaver Application Server ABAP都是德国思爱普（SAP）公司的产品。SAP S/4HANA是一个基于 SAP HANA 内存数据库系统的的企业资源管理软件。SAP NetWeaver Application Server ABAP是一个运行和开发基于ABAP语言的应用程序的平台。 SAP NetWeaver Application Server ABAP和SAP S/4HANA存在输入验证错误漏洞，该漏洞源于缺少授权检查，可能导致修改系统文

N/A

N/A