Techno, Intuisi Blog – With SAP AI Core, users may leverage the company’s extensive cloud resources to create, train, and operate AI services in a scalable and controlled manner. A series of vulnerabilities in SAP AI Core allowed hackers to gain unauthorized access to customer data and control cloud environments. SAP AI Core helps users create, train, and manage AI services, but shared environments present cross-tenant risks.
Findings
- Code Execution: Attackers exploited these vulnerabilities to execute arbitrary code.
- Credential Access: Gained access to customer credentials for AWS, Azure, and SAP HANA Cloud.
- Security Flaws: Two security configurations were exploited.
- Compromised Servers: An unauthorized Helm server compromised Docker Registry and Artifactory, revealing sensitive data.
Impact and Resolution
SAP addressed all disclosed vulnerabilities, ensuring no customer information was compromised. Enhanced security measures were recommended to prevent future breaches.
SAP Mitigation
SAP has addressed the vulnerabilities, emphasizing the importance of securing internal services and segregating untrusted code.
