PT-2025-32613 · SAP · SAP S/4HANA

Published: 2025-08-12 · Updated: 2025-09-08 · CVE-2025-42957

CVSS v3.1: 9.9
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

SAP S/4HANA (affected versions not specified)

**Description:**

SAP S/4HANA contains a critical flaw in a function module exposed via RFC. An attacker who already holds user privileges can use this module to inject arbitrary ABAP code into the system, bypassing the authorization checks that would normally apply. Because the injected code runs inside the system, the flaw effectively acts as a backdoor and can lead to full system compromise, undermining the confidentiality, integrity, and availability of the system. The vulnerability is under active exploitation and has been observed in the wild. Approximately 440,000 organizations may be affected. Only low-level user access is required for an attacker to potentially gain full control of the system, including the ability to create superusers, steal data, and even deploy ransomware.

**Recommendations:**

Apply SAP Security Notes 3627998 and 3633838 immediately.


**Weakness Enumeration:**

Code Injection

**Related Identifiers:**

BDU:2025-10538
CVE-2025-42957

**Affected Products:**

SAP S/4HANA