SAP Cloud Appliance Library Appliances Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in SAP Cloud Appliance Library (CAL) Appliances that allows an attacker with high privileges to exploit an insecure default profile setting in S/4HANA. Exploitation can lead to unauthorized access to other appliances within the CAL environment. The vulnerability has a low impact on application confidentiality and does not affect integrity or availability.

Impact

Exploitation of this vulnerability could allow for unauthorized access to other appliances within the SAP Cloud Appliance Library environment.

Remediation

Users are advised to consult the SAP Security Notes available through the SAP for Me platform. Security fixes for SAP NetWeaver-based products are delivered with the support packages. For information on areas with an exception from the 24-month maintenance strategy, refer to the SAP Security Notes FAQ.

Added: Oct 14, 2025, 1:20 AM
Updated: Oct 14, 2025, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.8
remediation: 0.0
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.