PT-2023-20196 · Sap · Sap Aba

Published: 2023-03-14 · Updated: 2023-04-11 · CVE-2023-25615

CVSS v3.1: 6.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP ABAP versions 751, 753, 754, 756, 757, 791

Description

The issue is caused by insufficient input sanitization, allowing an authenticated high privileged user to alter the current session of the user by injecting malicious database queries over the network. This can lead to a high impact on the confidentiality of the application, with no impact on availability and integrity.

Recommendations

For SAP ABAP versions 751, 753, 754, 756, 757, 791, consider restricting access to the database queries to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the functionality that allows injection of database queries over the network until a fix is provided. Restrict access to sensitive data to prevent unintended access.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-25615

Affected Products

Sap Aba