EXPERTUM TECH ALERT - SAP has recently published note 2696233, which describes several security vulnerabilities in the SAP Cloud Connector. SAP Cloud connector connects between on-demand applications in SAP Cloud Platform and existing on-premise systems.
The note lists several vulnerabilities, including missing authentication for sensitive operations and the risk of code injection. The affected functions have been enhanced to do all the necessary authentication checks. Furthermore, the code injection is prevented by additional checks. The fixes are available as of SAP Cloud Connector 2.11.3.