The problem at the heart of the security bug is that the SAP POS Xpress Server does not perform any authentication checks, which means that an attacker can modify critical functions without providing any credentials. Attackers can modify product prices …