“Researchers discovered what they believe to be a critical vulnerability in a PwC product designed for securing SAP systems, but the vendor has downplayed the risk of attacks. Experts at ESNC, a Germany-based company that specializes in SAP security, found the remote code execution vulnerability in PwC’s Automated Controls Evaluator (ACE) tool. The ACE product, which is designed to analyze SAP security settings and identify potential weaknesses, requires two ABAP (Advanced Business Application Programming) files to be run on the production system.”
Source: Flaw in PwC Security Tool Exposes SAP Systems to Attacks | SecurityWeek.Com