SAP S/4HANA SQL Injection Vulnerability in Remote-Enabled Function Module

Vulnerability

A SQL injection vulnerability has been identified in SAP S/4HANA (On-Premise) within a remote-enabled function module component. This vulnerability could be exploited by an authenticated attacker to execute unauthorized database queries, potentially exposing sensitive information that should otherwise remain confidential. The flaw significantly impacts data confidentiality, with no effects on the application's integrity or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized database access and query execution, allowing attackers to access sensitive information improperly.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform; they are published on SAP Security Patch Days, which occur on the second Tuesday of each month.

Added: Jun 9, 2026, 1:26 AM
Updated: Jun 9, 2026, 1:26 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 4.9
remediation: 6.0
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.