CVE-2024-21735: SAP LT Replication Server missing authorization check (affected versions S4CORE 103, 104, 105, 106, 107 and 108) – 18th Jan 2024

Preface: This note concerns the latest version of SAP Landscape Transformation Replication Server. It combines the latest SAP Landscape Transformation Replication Server functionality with the latest SAP Basis version, for the best support of all use cases involving SAP systems and databases. There are two options for using this version of SAP Landscape Transformation Replication Server (see also the chapter Installation Options in the SAP documentation):

i. As a standalone system based on SAP S/4HANA Foundation 2020 (or higher) together with the DMIS 2020 add-on.

ii. Embedded in SAP S/4HANA 2020 (or higher).

Background: (S_DMIS – authorization object for the SAP SLO Data Migration Server)

The user role SAP_IUUC_REPL_ADMIN is required to use SAP Landscape Transformation Replication Server. By default, this role does not allow users to view the data that is replicated from the source system to the target system. However, the authorization object S_DMIS with activity 29 allows users to view the data being replicated (via the replication logging function). Anyone holding that activity can therefore read the replicated business data, so it should be granted deliberately and the holders reviewed.

SAP strongly recommends using the Read Access Logging (RAL) component to monitor and log read access to the relevant data.
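As an added practitioner check (this query is not part of the SAP documentation quoted above), the following SQL lists the users whose roles grant S_DMIS activity 29 on the SLT system, which is exactly the population whose reads RAL should be capturing. It uses the standard PFCG role tables AGR_1251 (role authorization values), AGR_AGRS (composite role to single role mapping) and AGR_USERS (role assignments); the SAP HANA dialect (WITH clause, TO_DATS) is an assumption, adjust for another database.

```sql
-- Added example: who can see replicated data via S_DMIS ACTVT 29?
-- Assumes SAP HANA SQL against the ABAP schema of the SLT system.

-- Single roles whose authorization data grants ACTVT 29 for S_DMIS,
-- either as the exact value, as the '*' wildcard, or inside a LOW..HIGH range.
WITH s_dmis_29 AS (
    SELECT mandt, agr_name, low, high
      FROM agr_1251
     WHERE object  = 'S_DMIS'
       AND field   = 'ACTVT'
       AND deleted <> 'X'                       -- skip entries flagged as deleted
       AND (    low = '29'
             OR low = '*'
             OR ( TRIM(high) <> '' AND low <= '29' AND high >= '29' ) )
),
-- A user receives the value either through the single role itself or through a
-- composite role that contains it, so include both paths.
granting_roles AS (
    SELECT mandt, agr_name AS assigned_role, agr_name AS single_role
      FROM s_dmis_29
    UNION
    SELECT c.mandt, c.agr_name AS assigned_role, c.child_agr AS single_role
      FROM agr_agrs  AS c
      JOIN s_dmis_29 AS s
        ON s.mandt    = c.mandt
       AND s.agr_name = c.child_agr
)
SELECT DISTINCT
       u.mandt,
       u.uname          AS user_name,
       g.assigned_role,
       g.single_role
  FROM agr_users      AS u
  JOIN granting_roles AS g
    ON g.mandt         = u.mandt
   AND g.assigned_role = u.agr_name
 WHERE u.to_dat >= TO_DATS(CURRENT_DATE)        -- assignment still valid today
 ORDER BY u.mandt, u.uname, g.assigned_role;
```

AGR_1251 reflects the role design, not necessarily the generated profiles, and authorizations granted through manually assigned profiles do not appear in these tables at all. Treat the result as a starting list and confirm it with SUIM (users by authorization values for S_DMIS, ACTVT 29) before deciding whether RAL coverage and the role assignments match what the business intended.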

Vulnerability Details: SAP LT Replication Server (versions S4CORE 103, 104, 105, 106, 107 and 108) does not perform the necessary authorization checks. An attacker who already holds high privileges could therefore perform unintended actions, resulting in an escalation of privileges, with a high impact on the confidentiality, integrity and availability of the system.

Official announcement: please refer to the following link for details – https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
