This critical security flaw is letting SAP users get around authentication

"In SAP BusinessObjects Business Intelligence Platform, if Single Sign On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint," SAP explained in the advisory. "The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability."

Server-side request forgeries, and more

The second critical vulnerability is a server-side request forgery (SSRF) flaw affecting apps built with SAP Build Apps prior to version 4.11.130. This bug was introduced through a fix for a previous vulnerability, and is tracked as CVE-2024-29415. It carries a severity score of 9.1. The bug was found in the ‘IP’ package for Node.js, when it analyzes if an IP address is public or not. With octal representation, the package erroneously recognizes ‘127.0.0.1’ as a public and globally routable address. 

SAP is the world’s largest ERP vendor, with products in use by more than 90% of the Forbes Global 2000 list, so cybercriminals will most likely scan for endpoints that haven’t applied the patch, looking for a way into the IT networks of some of the world’s most important brands. 

Besides these two, SAP fixed another four high-severity vulnerabilities, with scores ranging from 7.4 to 8.2. These include an XML injection issue in the SAP BEx Web Java Runtime Export Web Service, a bug in SAP S/4 HANA, one in SAP NetWeaver AS Java, and one in SAP Commerce Cloud.

Via Bleeping Computer

More from TechRadar Pro

• SAP's AI Core platform has some worrying security flaws, so patch now
• Here's a list of the best malware removal tools around today
• These are the best endpoint security tools right now