Cyber Security
Business Fortune
19 July, 2024
Cybersecurity researchers have found security flaws in SAP AI Core, a cloud-based platform for developing and implementing predictive artificial intelligence (AI) processes, that might be used to obtain client data and access tokens.
Cloud security company Wiz has collectively named the five flaws "SAPwned."
According to a report by security researcher Hillai Ben-Sasson, the vulnerabilities they discovered might have let hackers access client data and contaminate internal artifacts, and the contamination could have spread to environments and associated services used by other customers. SAP fixed the flaws as of May 15, 2024, following the responsible disclosure on January 25, 2024.
To put it briefly, the vulnerabilities allow someone to gain unauthorized access to private objects and login credentials for cloud environments like SAP HANA Cloud, Microsoft Azure, and Amazon Web Services (AWS).
They could also be used to alter artifacts hosted on SAP's internal Artifactory server, Docker images on SAP's internal container registry, and SAP's Docker images on the Google Container Registry, which might result in a supply chain attack on SAP AI Core services.
Furthermore, because the Helm package manager server was exposed to both read and write operations, the access might be exploited to obtain cluster administrator credentials on SAP AI Core's Kubernetes cluster.
According to Wiz, the problems stem from the platform's ability to execute malicious AI models and training processes without sufficient isolation and sandboxing measures.
Because of this, a threat actor might create a standard AI application on SAP AI Core, bypass network restrictions, and probe the internal network of the Kubernetes Pod to acquire AWS tokens. They could also use these tokens to access customer code and training datasets by taking advantage of errors in AWS Elastic File System (EFS) shares.