PT-2016-7330 · SAP · SAP NetWeaver
Emiliano J. Fausto
·
Published
2016-10-13
·
Updated
2016-10-13
·
CVE-2016-7437
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver version 7.40
Description
SAP NetWeaver improperly logs certain events in the SAP Security Audit Log as non-critical. Local users can potentially use this to hide rejected attempts to execute RFC function callbacks, because these events drop out of audit analysis reports when non-critical events are filtered.
Recommendations
For SAP NetWeaver version 7.40, apply the fix provided in SAP Security Note 2252312 so that these events are logged properly and rejected attempts to execute RFC function callbacks cannot be hidden.
Fix
Related identifiers
Affected products
SAP NetWeaver