
He added that for organizations using S/4HANA broadly across finance, procurement, supply chain, or HR-adjacent processes, this should be treated as an urgent remediation item.
Stross pointed out that SAP has stated there is no workaround, so remediation depends on implementing the referenced correction instructions or support packages.
The other HotNews note is #3733064, with a CVSS score of 9.6, which patches a missing authentication check vulnerability in SAP Commerce Cloud. Onapsis says the vulnerability is caused by an overly permissive security configuration with improper rule ordering, which allows an unauthenticated user to upload a malicious configuration and inject code, resulting in arbitrary server-side code execution.
