SAP S/4HANA Bank Communication Management Directory Traversal Vulnerability Allowing Unauthorized Access to Operating System Files

A directory traversal vulnerability has been identified in SAP S/4HANA, specifically within the Bank Communication Management component. This vulnerability allows an attacker with high privileges and access to certain transactions and methods to gain unauthorized access to sensitive operating system files. The potential exploitation could lead to reading or deleting these files, causing significant confidentiality risks and minor integrity concerns, without affecting system availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive operating system files, with potential consequences of reading or deleting these files, thereby causing a high impact on confidentiality and a low impact on integrity.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.