First published: Thu Oct 13 2016(Updated: )
SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the SAP Security Audit Log as non-critical, which might allow local users to hide rejected attempts to execute RFC function callbacks by leveraging filtering of non-critical events in audit analysis reports, aka SAP Security Note 2252312.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver | =7.40 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.