""The vulnerable ABAP program allows a low-privileged user to upload a file with arbitrary SQL statements that will then be executed," Onapsis said in an advisory."
""Manipulated planning figures, broken reports, or deleted consolidation data can undermine close processes, executive reporting, and operational planning," Pathlock said."
""That said, there are many unknowns at this stage. It is not clear how many people have been affected by the hacking campaign.""
April's Patch Tuesday revealed critical vulnerabilities in products from Adobe, Fortinet, Microsoft, and SAP. A significant SQL injection vulnerability in SAP Business Planning and Consolidation could allow arbitrary database command execution. Adobe Acrobat Reader also has a critical remote code execution vulnerability under active exploitation. Additional vulnerabilities in ColdFusion could lead to arbitrary code execution and security feature bypass. The extent of the impact and the identity of the attackers remain unclear.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]