SAP S/4HANA
cpe:2.3:a:sap:s/4_hana:*:*:*:*:*:*:*
A vulnerability exists in SAP S/4HANA (Enterprise Event Enablement) due to a missing authorization check. An attacker with access to the Inbound Binding Configuration can create an RFC destination and assign a high-privilege user to it. The attacker can then consume events through that RFC destination, executing code with the privileges of the assigned user. While this vulnerability has a low impact on availability, it poses a significant risk to confidentiality and integrity.
Exploitation of this vulnerability could lead to unauthorized code execution under the privileges of a high-privilege user, assigned through the compromised RFC destination.
Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.