A high-severity vulnerability has been discovered in multiple ERP products, which could allow an unauthenticated attacker to remotely access and manipulate sensitive business data. Successful exploitation of this flaw could lead to significant data breaches, financial loss, and severe operational disruption.

This vulnerability is an unauthenticated SQL injection flaw within a core API endpoint. A remote attacker can exploit this by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable endpoint. This allows the attacker to bypass authentication, execute arbitrary commands on the backend database to read, modify, or delete sensitive data, and potentially achieve remote code execution (RCE) depending on database permissions and configuration.

Given the High severity rating (CVSS score of 8.1), a successful exploit of this vulnerability poses a significant risk to the organization. ERP systems are the backbone of business operations, housing critical data including financial records, customer information, supply chain logistics, and employee PII. An attacker could exfiltrate this sensitive data, manipulate financial transactions, disrupt core business processes, or deploy ransomware, leading to severe financial losses, regulatory fines, reputational damage, and a complete loss of operational integrity.

Immediate Action: Organizations must apply the security updates provided by the vendor across all affected ERP instances without delay. After patching, it is crucial to review access and application logs for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor web server and application logs for suspicious requests targeting API endpoints, particularly those containing SQL syntax or encoded characters. Monitor database logs for unusual or unauthorized queries. Network monitoring should be configured to detect anomalous outbound connections from the ERP servers, which could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attacks. Restrict network access to the ERP application, allowing connections only from trusted internal IP addresses. Enhance database activity monitoring to alert on suspicious queries originating from the application's service account.

Public Exploit Available: true

Due to the high-severity CVSS score of 8.1, the critical role of ERP systems in business operations, and the public availability of exploit code, this vulnerability requires immediate attention. We strongly recommend organizations prioritize the deployment of vendor-supplied patches to all affected systems. Although this CVE is not currently listed in the CISA KEV catalog, the risk of exploitation is high. Proactive monitoring and the application of compensating controls should be implemented concurrently to mitigate the immediate threat.