SAP S/4HANA OData Service Authorization Vulnerability Allowing Unauthorized Updates and Deletions

A vulnerability exists in the SAP S/4HANA OData Service 'Manage Reference Equipment' due to inadequate authorization checks. This flaw allows an attacker to update and delete child entities through OData services without proper authorization. The vulnerability significantly undermines data integrity, while leaving confidentiality and availability unaffected.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications or deletions of child entities in the affected OData service, thereby compromising data integrity.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where a complete list of security notes is available. It is recommended to implement these security corrections as a priority.