SAP POS Xpress Server does not perform authentication checks for critical functions that require user identity, according to ERPScan. This could allow a threat actor to obtain administrator and privileged access, providing them the ability to change the price of retail merchandise, among other functions. SAP POS reportedly serves 80 percent of retailers in the Forbes Global 2,000. The NJCCIC recommends all administrators of SAP POS review the Security Patch Day Security Notes and visit theSupport Portal to update as soon as possible.