In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Advanced_business_application_programming | Sap | 7.00 (including) | 7.02 (including) |
| Advanced_business_application_programming | Sap | 7.10 (including) | 7.11 (including) |
| Advanced_business_application_programming | Sap | 7.30 (including) | 7.30 (including) |
| Advanced_business_application_programming | Sap | 7.31 (including) | 7.31 (including) |
| Advanced_business_application_programming | Sap | 7.40 (including) | 7.40 (including) |
| Advanced_business_application_programming | Sap | 7.50 (including) | 7.50 (including) |
| Advanced_business_application_programming | Sap | 75c (including) | 75c (including) |
| Advanced_business_application_programming | Sap | 75d (including) | 75d (including) |