SAP Customer Checkout Application Data Modification Vulnerability

A vulnerability exists in the SAP Customer Checkout application due to design choices that allow operational data to be stored locally with reversible protection. This data can be accessed and modified through user-initiated interactions without proper validation. Such unvalidated changes may disrupt system behavior during startup, significantly compromising the application's confidentiality and integrity, while only slightly affecting availability.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of operational data, allowing for changes that could disrupt the application's normal functioning and data integrity.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where a complete list of security notes is available. It is recommended to implement these security corrections as a priority.