CVE-2023-27893

Name of the Vulnerable Software and Affected Versions SAP Solution Manager and ABAP managed systems (ST-PI) versions 2088 1 700, 2008 1 710, 740

Description An attacker authenticated as a user with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function, allowing them to perform actions they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.

Recommendations For versions 2088 1 700, 2008 1 710, 740, consider restricting access to the vulnerable interface until a patch is available. As a temporary workaround, consider disabling the vulnerable application function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.