Found a hole in some SAP supplied software today, that would allow someone with the right userid and password to inject code into a live system to do whatever they wanted. (The original code came from a third party that was bought out by another third party, before SAP bought it, which is partly why it's still in the customer namespace).
If you've got function group ZAW0 installed, run it through a source code review at the earliest opportunity.
If you've got function group ZAW0 installed, run it through a source code review at the earliest opportunity.
Comment