We observed a case in Cloud Apps where a logged-in user saw data storages he/she should not be able to see.
As we were not successful to quickly reproduce the issue we decided to switch off CDQ Cloud Apps.
We know this is frustrating but we needed to limit the risk of any data exposure.
A bug in Cloud Apps caused that users which logged in within the same 1 second may have received the same session. This issue did not affect APIs or API security, so no technical integration in SAP systems was affected.
Based on our logs, this issue happened in total 10 times since the release of Cloud Apps and fortunately only in 1 case a customer was affected (other logins were internal accounts). We are already in close communication with the affected customer and verified that no unauthorized access to data occurred.
Fortunately, we have resolved this issue and verified that the login in Cloud Apps now works as expected despite any concurrency.
In case of further questions or concerns do not hesitate to contact us.