The most critical of the freshly issued security notes corrects a flaw in the authorisation check of SAP NetWeaver Application Server for Java. The vulnerability has a CVSS score of 10 and is identified as CVE-2021-37535.
Improper input sanitization in 25 RFC-enabled function modules might allow an “authenticated user with certain particular rights to remotely call these function modules and run modified queries to get access to the backend database,” according to the description of the problem.