Sap · Sap Netweaver · CVE-2016-7437
**Name of the Vulnerable Software and Affected Versions**
SAP Netweaver version 7.40
**Description**
The issue allows local users to potentially hide rejected attempts to execute RFC function callbacks by improperly logging certain events as non-critical in the SAP Security Audit Log. This could be leveraged by filtering of non-critical events in audit analysis reports.
**Recommendations**
For SAP Netweaver version 7.40, apply the fix provided in SAP Security Note 2252312 to properly log events and prevent potential hiding of rejected attempts to execute RFC function callbacks.