SAP Supplier Relationship Management Arbitrary File Upload Vulnerability

A vulnerability in SAP Supplier Relationship Management allows authenticated attackers to upload arbitrary files due to inadequate verification of file types or contents. This could include executable files that, once downloaded and executed by users, might introduce malware. Successful exploitation could significantly compromise the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized file uploads, including executables that could be used to deliver malware, causing severe damage to the application's confidentiality, integrity, and availability.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, particularly on SAP Security Patch Days, which occur on the second Tuesday of each month.