SAP Business Connector OS Command Injection Vulnerability Allowing Arbitrary Command Execution
Vulnerability
An OS command injection vulnerability has been identified in SAP Business Connector. This issue allows an authenticated attacker with administrative privileges and adjacent network access to upload specially crafted content to the server. If the application processes this content, it can lead to the execution of arbitrary operating system commands. Successful exploitation of this vulnerability could result in a complete compromise of the system's confidentiality, integrity, and availability.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of operating system commands, potentially allowing for a full compromise of the affected system.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security updates and patches. It is recommended to implement these corrections as a priority.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.