SAP Forecasting & Replenishment OS Command Execution Vulnerability
Vulnerability
A vulnerability allowing OS command execution has been identified in SAP Forecasting & Replenishment. The issue arises from a non-remote-enabled function that an authenticated attacker with administrative privileges could exploit to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify system data without authorization, or even shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.
Impact
Exploitation of this vulnerability could result in unauthorized OS command execution, allowing an attacker to read or modify any system data or shut down the system, leading to a complete compromise of confidentiality, integrity, and availability.
Remediation
Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security notes and implement the recommended patches. For more information on SAP Security Patch Day and the availability of security fixes, refer to the SAP Security Notes FAQ.
