A critical vulnerability has been identified in SAP Supplier Relationship Management that allows an authenticated attacker to upload arbitrary files. This flaw, stemming from improper file type verification, could permit an adversary to upload and execute malicious code, potentially leading to a complete compromise of the affected server, data theft, and significant disruption to supply chain operations.

This vulnerability is an Unrestricted File Upload flaw. The application fails to properly validate the type or content of files uploaded by users. An authenticated attacker can exploit this by crafting a malicious file (such as a web shell, script, or other executable) and uploading it through a standard file upload function, potentially disguising it as a benign file type like an image or document. Once the malicious file is on the server, the attacker can then navigate to its location to trigger its execution, resulting in remote code execution with the permissions of the web server's service account.

This vulnerability is rated as critical severity with a CVSS score of 9.0. Successful exploitation could have a severe impact on the business, leading to the compromise of confidentiality, integrity, and availability. An attacker could exfiltrate sensitive procurement data, supplier information, and financial records; modify or destroy critical business data; or deploy ransomware. The disruption of the Supplier Relationship Management system could halt key procurement and supply chain processes, leading to significant operational downtime and financial loss.

Immediate Action: Apply the latest security patches provided by SAP for the affected products immediately. Due to the critical nature of this vulnerability, these updates should be deployed on an emergency basis, prioritizing internet-facing systems. After patching, review system and application logs for any signs of exploitation attempts that may have occurred before the patch was applied.

Proactive Monitoring: Implement enhanced monitoring of the affected systems. Review web server and application logs for suspicious file upload events, specifically looking for files with executable extensions (.jsp, .php, .sh, .exe, etc.) being uploaded to web-accessible directories. Monitor for unusual outbound network connections from the SAP server, and use File Integrity Monitoring (FIM) to detect the creation of unexpected files in application directories.

Compensating Controls: If patching cannot be performed immediately, implement compensating controls to reduce risk. Restrict access to file upload functionalities to only essential, highly trusted user accounts. If possible, deploy a Web Application Firewall (WAF) with rules specifically designed to inspect file uploads and block potentially malicious file types and content.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization. With a CVSS score of 9.0, it allows for a high-impact system compromise that could severely affect business operations. We strongly recommend that the vendor-supplied patches be applied on an emergency basis to all affected SAP systems. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity makes it a prime candidate for future inclusion and active exploitation. Proactive patching is the most effective defense to prevent a potential compromise.