SAP S/4HANA and SAP SCM Characteristic Propagation Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in SAP S/4HANA and SAP SCM Characteristic Propagation. This issue allows an attacker with high privileges to create a new report containing custom code, potentially leading to full control over the affected SAP system. The vulnerability significantly impacts the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in remote code execution, allowing an attacker to execute arbitrary code on the server where the SAP application is running.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all Security Notes are available. For guidance on how to access and apply these Security Notes, refer to the SAP Security Notes FAQs.