Ertunga Arsal

**Name of the Vulnerable Software and Affected Versions** PricewaterhouseCoopers (PwC) ACE-ABAP version 8.10.304 for SAP Security **Description** The issue allows remote authenticated users to conduct ABAP injection attacks and execute arbitrary code. This can be achieved via SAPGUI or Internet Communication Framework (ICF) over HTTP or HTTPS. Examples of exploitation include using WEBGUI or Report. **Recommendations** For PricewaterhouseCoopers (PwC) ACE-ABAP version 8.10.304, consider restricting access to the SAPGUI and Internet Communication Framework (ICF) to minimize the risk of exploitation. As a temporary workaround, limit the use of WEBGUI and Report until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Governance, Risk, and Compliance (GRC) (affected versions not specified) **Description** The issue allows remote authenticated users to gain privileges and execute arbitrary programs. This can be achieved by sending a crafted request, either via RFC or SOAP-RFC. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.