SAP S/4HANA Private Cloud and On-Premise SQL Injection Vulnerability in Financials General Ledger

A vulnerability exists in SAP S/4HANA Private Cloud and On-Premise versions of Financials General Ledger, where insufficient input validation allows authenticated users to execute crafted SQL queries. This exploitation could lead to unauthorized reading, modification, and deletion of backend database data, significantly impacting the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to database information, allowing for reading, modifying, or deleting data. Such actions could disrupt the application's normal functioning and data integrity.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Patch Day occurs on the second Tuesday of each month, and details can be found in the SAP Security Patch Day Bulletin.