SAP Identity Management REST Interface JNDI Injection Vulnerability

Vulnerability

A vulnerability exists in the SAP Identity Management REST interface: input in REST requests is not properly sanitized, so an authenticated administrator can send malicious requests whose contents are then processed by JNDI operations. This can lead to unauthorized disclosure or modification of data. The vulnerability arises from inadequate input handling. It poses a low risk to confidentiality and integrity and does not affect application availability.

Impact

Exploitation of this vulnerability could result in unauthorized disclosure or modification of data.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform; they are released on SAP Security Patch Days, which occur on the second Tuesday of each month.

Added: Jan 13, 2026, 2:24 AM
Updated: Jan 13, 2026, 2:24 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.3
exploitability: 4.4
remediation: 8.3
relevance: 2.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.