● Exclusive – Zero-Day: A medium to high severity vulnerability in SAP portal allows a low privileged authenticated user to escalate privileges within the system abusing certain API end-points.
The latest software / CMS is vulnerable and possibly all previous versions as well.
SAP has been informed about the bug who have confirmed it and have planned to roll out the fix by mid-2023 (Seems SAP does not prioritize security).
No CVE was assigned. Researcher: Aamer