PT-2022-25776 · SAP · SAP Basis

Published: 2022-12-13 · Updated: 2022-12-15 · CVE-2022-41264

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791

Description
The issue allows an authenticated non-administrator attacker to access a system class and execute any of its public methods with parameters provided by the attacker. On successful exploitation, the attacker can gain full control of the system to which the class belongs, causing a high impact on the integrity of the application.

Recommendations
For SAP BASIS versions 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, 791, consider restricting access to the RFC function module to prevent unauthorized execution of system class methods. As a temporary workaround, consider disabling the public methods of the system class until a patch is available. Restrict access to system classes to minimize the risk of exploitation.

Fix

Weakness Enumeration: Code Injection

Related Identifiers: CVE-2022-41264

Affected Products: SAP Basis