Overview

• The Dutch National Cyber Security Center warned of limited in‑the‑wild attacks, and SecurityBridge says it has verified actual abuse of the flaw.
• The vulnerability resides in an RFC‑exposed function that permits arbitrary ABAP code injection, bypassing authorizations to enable full system compromise including creation of SAP_ALL superusers.
• Exploitation requires only a low‑privileged authenticated account and is rated CVSS 9.9, affecting both on‑premises and Private Cloud S/4HANA deployments.
• SAP released fixes in its August 11–12 updates, covering S4CORE versions 102 through 108 and additional components listed in customer bulletins.
• Administrators are urged to patch immediately, monitor for suspicious RFC calls, unexpected ABAP changes, or new admin accounts, and consider SAP UCON and S_DMIS activity 02 restrictions given the ease of reverse‑engineering and available demo.