CVE-2021-27610

Name of the Vulnerable Software and Affected Versions SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804

Description The issue is related to improper authentication due to the inconsistent and undistinguished format of internal and external RFC user information. This could lead to malicious users obtaining illegitimate access to the system. The vulnerability is associated with deficiencies in the authentication procedure resulting from incorrect handling of RFC user information for communication between SAP systems. Exploitation of the vulnerability may allow a remote attacker to bypass security restrictions, elevate privileges, and gain unauthorized access to protected information.

Recommendations For SAP NetWeaver ABAP Server and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804, consider implementing additional security measures to ensure proper authentication and authorization, such as enhancing the handling of RFC user information to prevent improper access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.