SAP community website leaks member data to savvy users

2022-03-18 11:49

SAP runs six main Customer Influence programs accessible via a website open to thousands of members.

While users can view each other's names, companies, proposals, and comments, those with knowledge of SAP's back-end can easily get hold of more information, argues SAP consultant Tobias Hofmann in his blog.

The approach relies on access to the OData service that provides the data for the SAP Customer Influence.

OData is the open data protocol used to communicate with the SAP back end via the SAP ABAP programming language.

Via the blog, Hofmann exposes how members could extract data from specific companies, including SAP itself, which offers 27,000 entries for SAP employees, although some may be duplicates.

Hofmann reported the data leakage to SAP via official and back channels and told the firm he planned to write a post.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/03/18/sap_customer_influence_leak/

#leak #SAP

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
SAP		384	110	931	241	94	1376