Security News > 2022 > March > SAP community website leaks member data to savvy users
SAP runs six main Customer Influence programs accessible via a website open to thousands of members.
While users can view each other's names, companies, proposals, and comments, those with knowledge of SAP's back-end can easily get hold of more information, argues SAP consultant Tobias Hofmann in his blog.
The approach relies on access to the OData service that provides the data for the SAP Customer Influence.
OData is the open data protocol used to communicate with the SAP back end via the SAP ABAP programming language.
Via the blog, Hofmann exposes how members could extract data from specific companies, including SAP itself, which offers 27,000 entries for SAP employees, although some may be duplicates.
Hofmann reported the data leakage to SAP via official and back channels and told the firm he planned to write a post.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/18/sap_customer_influence_leak/