Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs:Missing auth check
Date of Public Advisory:13.03.2012
Reference: SAP Security Note 1595074
Author:Alexey Tyurin (ERPScan)
Missing authorization check in FRC function RZL_READ_DIR_LOCAL.
Attacker can execute vulnerable transaction, programm or RFC function remotely without authentication because authorization check is missing. It can lead to various threats, from information disclosure to full system compromise.