ABAP Process Control
Also Known As:
Process Control, Dynamic Calls, Call Injection
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
ABAP, SAP
Target Type:
Web Application, SAP GUI Application
Affected Mechanisms:
Input Validation, Secure Design
Invented In:
12/12/2013
Added In:
10/12/2014
Vector Operation Method:
Attackers can abuse insecure design accepting program names from the client to affect the name of the server side program being executed.
