Urgent Remediation for S/4HANA Users
Organizations leveraging S/4HANA for critical functions such as finance, procurement, supply chain, or HR-related processes are advised to prioritize remediation efforts. According to insights shared by industry experts, this matter should be treated with utmost urgency.
As highlighted by Stross, SAP has confirmed that there is no alternative workaround available for this issue. Consequently, organizations must focus on implementing the specified correction instructions or support packages to address the vulnerabilities effectively.
Critical Vulnerability in SAP Commerce Cloud
In addition to the S/4HANA concerns, SAP has issued a HotNews note (#3733064) that carries a CVSS score of 9.6, indicating a high level of severity. This note addresses a significant vulnerability related to missing authentication checks within SAP Commerce Cloud.
Onapsis has identified that this vulnerability stems from an overly permissive security configuration combined with improper rule ordering. Such flaws allow an unauthenticated user to execute malicious actions, including configuration uploads and code injections. The implications of this vulnerability are serious, as they can lead to arbitrary server-side code execution.
Organizations utilizing SAP solutions are encouraged to remain vigilant and take immediate action to safeguard their systems against these vulnerabilities.
