SAP NetWeaver Guided Procedures (SAP GP), a component of the Composite Application Framework (CAF) that provides role-based access to multiple backend systems. The missing authorization was identified in the central administration tool for GP and could lead to unauthorized access to and manipulation of data.
SAP NetWeaver AS for Java (HTTP Service) and exists because HTTP requests are not properly validated when monitoring data is stored. Thus, an attacker able to manipulate HTTP requests could exhaust system resources, causing a denial of service condition.
Refer to SAP advisory for the complete list of affected products and their respective patches.