PT-2025-32613 · Sap · Sap S/4Hana

Published

2025-08-12

·

Updated

2025-09-09

·

CVE-2025-42957

CVSS v3.1
9.9
Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

SAP S/4HANA (affected versions not specified)

**Description:**

SAP S/4HANA contains a critical code injection vulnerability in a function module exposed via RFC. An authenticated attacker with only low user privileges can call the module and inject arbitrary ABAP code, bypassing essential authorization checks. The flaw effectively functions as a backdoor and can lead to full system compromise, affecting confidentiality, integrity, and availability; the changed-scope CVSS vector (S:C) reflects that the impact reaches beyond the vulnerable component itself. The vulnerability is actively exploited in the wild: successful exploitation grants full control of the system, allowing attackers to create superusers, steal data, and potentially deploy ransomware. Approximately 440,000 organizations are potentially affected.
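The following ABAP is an added illustration of the vulnerability class described above (a remote-enabled function module that turns caller input into executable code without an authorization check) beside a hardened form. It is not the affected SAP code and not taken from the SAP notes; the function module names Z_RFC_RUN_SNIPPET and Z_RFC_RUN_ACTION, the authorization object Z_RFC_ACT, and the action names are assumptions chosen for the example. Both modules are meant to live in a function group with the "Remote-Enabled Module" flag set, and the FORM routines referenced by the hardened module are assumed to exist as reviewed, static code in the group's includes.

```abap
" Added example, not SAP's code. Names marked below are assumptions.

" --- Vulnerable pattern -----------------------------------------------
" A remote-enabled function module that compiles and executes ABAP source
" supplied by the RFC caller. Any user allowed to call the module at all
" (authorization object S_RFC) thereby runs arbitrary code in the system.
FUNCTION z_rfc_run_snippet.                     " assumed name
*"  IMPORTING
*"     VALUE(it_source) TYPE string_table
*"  EXPORTING
*"     VALUE(ev_result) TYPE string
  DATA: lv_prog TYPE string,
        lv_msg  TYPE string.

  " No AUTHORITY-CHECK here: the essential authorization check is missing.
  GENERATE SUBROUTINE POOL it_source NAME lv_prog MESSAGE lv_msg.
  IF sy-subrc = 0.
    " Runs whatever FORM main the caller shipped: user creation, role
    " assignment, data export, anything the work process may do.
    PERFORM ('MAIN') IN PROGRAM (lv_prog) IF FOUND.
    ev_result = 'executed'.
  ELSE.
    ev_result = lv_msg.
  ENDIF.
ENDFUNCTION.

" --- Hardened pattern -------------------------------------------------
" Never compile caller input. Accept only a named action from a fixed
" allow-list, gate it with an explicit authorization check, and dispatch
" to static code that was written and reviewed in advance.
FUNCTION z_rfc_run_action.                      " assumed name
*"  IMPORTING
*"     VALUE(iv_action) TYPE string
*"  EXPORTING
*"     VALUE(ev_result) TYPE string
*"  EXCEPTIONS
*"     not_authorized
*"     unknown_action
  " Assumed custom authorization object Z_RFC_ACT with a field ACTION,
  " so that each remotely callable action can be granted individually.
  AUTHORITY-CHECK OBJECT 'Z_RFC_ACT'
           ID 'ACTION' FIELD iv_action.
  IF sy-subrc <> 0.
    RAISE not_authorized.
  ENDIF.

  " Allow-list: the caller chooses *which* reviewed routine runs, never *what* runs.
  CASE iv_action.
    WHEN 'EXPORT_SUMMARY'.
      PERFORM export_summary CHANGING ev_result.   " assumed static FORM
    WHEN 'REFRESH_CACHE'.
      PERFORM refresh_cache CHANGING ev_result.    " assumed static FORM
    WHEN OTHERS.
      RAISE unknown_action.
  ENDCASE.
ENDFUNCTION.
```

The point of the hardened form is that removing GENERATE SUBROUTINE POOL (and similar constructs such as INSERT REPORT or dynamic CALL of caller-named programs) takes code execution off the table entirely; the AUTHORITY-CHECK then limits who may trigger each fixed action. Auditing custom remote-enabled modules for these constructs is a reasonable companion check to applying the vendor notes.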

**Recommendations:**

Apply SAP Security Notes 3627998 and 3633838 immediately. Until the notes are installed, reduce exposure by restricting which users and systems may invoke RFC function modules (for example with SAP UCON or by tightening S_RFC authorizations), and monitor for unexpected RFC calls and newly created high-privilege users, since exploitation requires only a low-privileged account.

Fix

Weakness Enumeration

Code Injection

Related Identifiers

BDU:2025-10538
CVE-2025-42957

Affected Products

Sap S/4Hana