Experts warn that SAP’s AI Core platform contained multiple vulnerabilities that allowed attackers to steal access tokens and sensitive customer data.
AI Core is a service in the SAP Business Technology Platform that supports the execution and operation of predictive artificial intelligence (AI) workflows in a standardized and scalable way. It is built to integrate seamlessly with other SAP solutions and enables any AI function to be easily realized using open-source frameworks.
In total, Wiz discovered five flaws, grouped under the umbrella term SAPwned, and explained how malicious parties could exploit them.
No victims (yet)
“The vulnerabilities we found could have allowed attackers to access customer data and compromise internal artifacts, potentially spreading to related services and other customers’ environments,” they said, according to The Hacker News.
In other words, hackers could have stolen credentials from Amazon Web Services (AWS) instances, Microsoft Azure, and SAP HANA Cloud.
Additionally, the vulnerabilities allowed hackers to modify Docker images or artifacts on the SAP Artifactory, a capability that could have been used in supply chain attacks. Finally, SAPwned could have been used to gain administrative access to SAP AI Core’s Kubernetes cluster. “With this level of access, an attacker could directly access other customers’ Pods and steal sensitive data such as models, datasets, and code,” the researchers said. “This access also allows attackers to disrupt customer Pods, compromise AI data, and manipulate model inferences.”
The researchers alerted SAP in late January 2024, and the company released a patch in mid-May. Wiz confirmed that no customer data was compromised by the flaws, suggesting that the researchers found the vulnerabilities before malicious groups did.