Multiple vulnerabilities have been reported, which could be exploited by an attacker to disclose sensitive information, execute arbitrary code, gain unauthorized access, overwrite or delete system and application files, upload arbitrary files, manipulate or delete shared rule conditions, consume resources, gain elevated privileges, bypass configured access restrictions, perform Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks, carry out user-enumeration, and cause inconsistencies in responses that may disclose personal data on the targeted system.
Target Audience:
SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscape and Application developers using affected SAP.
Risk Assessment:
Potential for system compromise, data exposure, unauthorized access, privilege abuse, service disruption, arbitrary file upload.
Impact Assessment:
High risk of data breach, execution of arbitrary code, full system compromise, unavailability, security control bypass, and operational disruption.
The information provided herein is on "as is" basis, without warranty of any kind.