Flaw in PricewaterhouseCoopers software can allow hackers to manipulate accounting results
A critical flaw in a security tool built for SAP systems by PricewaterhouseCoopers can allow hackers to manipulate accounting and financial details of clients a latest research has claimed.
German security firm ESNC has found that the Automated Controls Evaluator (ACE), which extracts security and configuration data from an SAP system and generates exception reports by review has a high-risk flaw in its software.
"This security vulnerability may allow an attacker to manipulate accounting documents and financial results, bypass change management controls, and bypass segregation of duties restrictions," ESNC said in an advisory. The research goes on to state that if the flaw is exploited it could result in fraud, theft or manipulation of sensitive data including customer master data and HR payroll information, unauthorised payments and more.