Responsible Disclosure of an Exploit Chain Targeting the RFC Interface Implementation in SAP Application Server for ABAP

sec-consult.com

Responsible Disclosure of an Exploit Chain Targeting the RFC Interface Implementation in SAP Application Server for ABAP

sec-consult.com

N7x@infosec.pub to

cybersecurity@infosec.pubEnglish · 1 year ago

In an independent analysis on the server-side implementation of the proprietary Remote Function Call (RFC) interface in SAP NetWeaver Application Server ABAP and ABAP Platform (both hereinafter referred to as AS ABAP), a set of high-impact implementation bugs and design flaws were identified by SEC Consult Vulnerability Lab security researcher and SAP security expert Fabian Hagg. Technical details about the research results are presented during the annual Troopers Security Conference 2023 in Heidelberg, Germany.

You must log in or register to comment.

Chat