PT-2022-17672 · SAP · SAP NetWeaver Application Server ABAP

Published: 2022-03-08 · Updated: 2022-10-06 · CVE-2022-26102

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP versions 700, 701, 702, 731

Description: The issue is due to a missing authorization check, which allows an authenticated attacker to access content on the start screen of any transaction within the same SAP system, even if they are not authorized for that transaction. This could expose information and, in the worst case, allow data to be manipulated before the start screen is executed, resulting in limited impact on the confidentiality and integrity of the application.

Recommendations: For versions 700, 701, 702, 731, update to a version that includes the necessary authorization checks to prevent unauthorized access to transactions. As a temporary workaround, consider restricting access to sensitive transactions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2022-26102

Affected Products: SAP NetWeaver Application Server ABAP