CVE-2018-2481

Name of the Vulnerable Software and Affected Versions SAP ABA versions 7.00 through 7.02 SAP ABA versions 7.10 through 7.11 SAP ABA versions 7.30 SAP ABA versions 7.31 SAP ABA versions 7.40 SAP ABA versions 7.50 SAP ABA versions 75C through 75D

Description The issue concerns the use of a transaction code in SAP standard roles that is reserved for customers. This could allow a malicious user to execute unauthorized transaction functionality by implementing such a transaction code.

Recommendations For SAP ABA versions 7.00 through 7.02, consider restricting access to the affected transaction code to prevent unauthorized use. For SAP ABA versions 7.10 through 7.11, remove the implementation of the customer-reserved transaction code to mitigate the risk. For SAP ABA versions 7.30, 7.31, 7.40, 7.50, 75C through 75D, avoid using the transaction code reserved for customers until a proper fix is applied.