
ABAP : Undocumented feature: hidden functionality

Classification

OWASP ASVS
PCI DSS 4.0

Overview

The application runs native SQL, so the authorization check cannot be performed properly. Native SQL bypasses the security functions of SAP Open SQL, and it can also bypass the synchronization of the SAP table and lead to inconsistencies in the data. It should be checked whether the native SQL is part of the program, since it can be a backdoor left by the developers.

From a security perspective, even when hidden functionality is not intentionally malicious, it gives an attacker an additional opportunity for a successful application attack. For example, the hidden functionality could be useful for attacks that modify the control flow of the application.
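One way to run the check described above over ABAP source during code review, as an added example that is not DerScanner's code: it reports every `EXEC SQL ... ENDEXEC` block and marks blocks that write data. It goes slightly beyond the text by also flagging references to the ADBC class `CL_SQL_STATEMENT`, the other common route to native SQL. The sample source, `zdemo_tab` and the function name are constructed for illustration.

```python
import re

# Constructed ABAP sample (not from the page), embedded so the check runs offline.
SAMPLE_ABAP = '''\
REPORT zdemo_constructed.
* EXEC SQL.
*   DELETE FROM zdemo_tab
* ENDEXEC.
DATA lv_name TYPE string.
SELECT SINGLE name FROM zdemo_tab INTO lv_name WHERE id = '1'.
EXEC SQL.
  UPDATE zdemo_tab SET name = 'x' WHERE id = '1'
ENDEXEC.
DATA(lo_stmt) = NEW cl_sql_statement( ). " ADBC
'''

EXEC_START = re.compile(r'^\s*EXEC\s+SQL\b', re.I)
EXEC_END = re.compile(r'^\s*ENDEXEC\b', re.I)
ADBC = re.compile(r'\bcl_sql_statement\b', re.I)
WRITE = re.compile(r'\b(INSERT|UPDATE|DELETE)\b', re.I)

def find_native_sql(source):
    """Return one finding per live EXEC SQL block or ADBC reference."""
    findings, block = [], None
    def close(end):
        sql = ' '.join(block['lines'])
        findings.append({'kind': 'EXEC SQL', 'start': block['start'], 'end': end,
                         'writes': bool(WRITE.search(sql)), 'sql': sql})
    for no, raw in enumerate(source.splitlines(), 1):
        if raw.startswith('*'):            # full-line comment, also inside EXEC SQL
            continue
        if block is not None:
            if EXEC_END.match(raw):
                close(no)
                block = None
            else:
                block['lines'].append(raw.strip())
        elif EXEC_START.match(raw):
            block = {'start': no, 'lines': []}
        elif ADBC.search(raw.split('"', 1)[0]):   # ignore inline comment text
            findings.append({'kind': 'ADBC', 'start': no, 'end': no,
                             'writes': None, 'sql': raw.split('"', 1)[0].strip()})
    if block is not None:                  # unterminated block is still reported
        close(None)
    return findings

if __name__ == '__main__':
    for finding in find_native_sql(SAMPLE_ABAP):
        print(finding)
```

Each finding is a starting point for manual review: confirm the statement is an intended, documented part of the program and that an authorization check precedes it.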

DerScanner Severity Score: LOW

See also

ABAP : Insufficient authorization check
ABAP : Empty password
ABAP : Weak seed of random number generator