SAP Identity Management 2.0 Remote Code Execution Vulnerability


Under certain conditions, it is possible to use the SAP Identity Management REST Interface Version 2 to request the modification of role or privilege assignments that would otherwise be restricted to viewing only.


The information has been provided by Aditi Kulkarni.
The original article can be found at:


SAP Identity Management is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • SAP Identity Management 2.0

CVE Information:

Disclosure Timeline:
Publish Date: 05/14/2019