SAP® and Oracle® Security Advisories

Onapsis Research Labs is a team of security experts who combine deep knowledge of critical ERP applications with decades of threat research experience to deliver security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is the most prolific contributor of vulnerability research credited by the SAP Product Security Response Team.
07/17/2025
Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent
Impact On Business: A successful attack can lead to discovering internal SAP open port information that normally is not reachable.
Affected Components Description: SAP NetWeaver Application Server for ABAP provides both the runtime environment and the development environment for all ABAP programs. The…
07/17/2025
Stored XSS in administration UI of SAP
Impact On Business: Impact depends on the victim's privileges, but SAP Web Dispatcher access is generally granted to administrator users. In the worst case, a successful attack allows an attacker to force an administrator to perform actions on the SAP Web Dispatcher, such as exfiltrating data, changing data or shutting down the Web Dispatcher….
08/16/2024
MS_ACL_INFO bypass under special conditions
Impact On Business: The Message Server is a central component of every SAP system. When certain conditions are met (listed in a further section), the ACL configured via MS_ACL_INFO stops working, and any unauthenticated attacker can then register new application servers (the 10KBLAZE attack).
Affected Components Description: Every Message Server binary between SAP…
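The conditions under which the ACL stops working are not reproduced on this page, so the baseline a practitioner can verify is whether the Message Server ACL is configured at all and whether it is overly permissive. The following is an added example, not Onapsis code and not from the advisory: it audits a constructed SAP instance profile and a constructed ACL file. The parameter names ms/acl_info and ms/monitor are real SAP profile parameters; the assumed ACL file line format (HOST=<pattern>) and the sample contents are constructed for this example.

```python
"""Added example (not Onapsis or SAP code): check Message Server ACL hardening.

Assumptions: the ACL file consists of HOST=<pattern> lines (wildcards
allowed); the sample profile and ACL below are constructed, not captured
from a real system.
"""
import re

# Constructed instance-profile excerpt: ms/acl_info is commented out and
# ms/monitor is enabled, both of which the audit should flag.
SAMPLE_PROFILE = """\
SAPSYSTEMNAME = PRD
INSTANCE_NAME = ASCS01
rdisp/msserv = sapmsPRD
rdisp/msserv_internal = 3901
ms/monitor = 1
# ms/acl_info = /usr/sap/PRD/SYS/global/ms_acl_info
"""

# Constructed ACL file: the bare wildcard on line 2 lets any host register.
SAMPLE_ACL = """\
# constructed ms_acl_info
HOST=*
HOST=app01.corp.example
"""


def parse_profile(text):
    """Parse 'key = value' lines of an SAP profile, skipping comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[key.strip()] = value.strip()
    return params


def audit_profile(params):
    """Return findings for missing or weak Message Server settings."""
    findings = []
    if "ms/acl_info" not in params:
        findings.append(
            "ms/acl_info not set: any host may register as an application server"
        )
    if params.get("ms/monitor", "0") != "0":
        findings.append(
            "ms/monitor != 0: external monitoring/admin access to the Message Server enabled"
        )
    return findings


def audit_acl(text):
    """Flag ACL entries that are unparseable or consist only of wildcards."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        match = re.fullmatch(r"HOST=(\S+)", entry)
        if not match:
            findings.append(f"line {lineno}: unrecognized ACL entry {entry!r}")
            continue
        pattern = match.group(1)
        # A pattern made only of '*' and '.' (e.g. '*', '*.*') matches every host.
        if re.fullmatch(r"[*.]+", pattern):
            findings.append(f"line {lineno}: wildcard-only HOST pattern {pattern!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(parse_profile(SAMPLE_PROFILE)) + audit_acl(SAMPLE_ACL):
        print("FINDING:", finding)
```

Run against the real instance profile and the file named by ms/acl_info; a clean result only means the ACL is present and restrictive, not that the bypass conditions in the full advisory are absent.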
01/26/2022
Null Pointer Dereference vulnerability in SAP CommonCryptoLib
Impact On Business: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.
Affected Components Description: The SAP Cryptographic Library manages digital signatures in SAP systems as well as…
11/21/2021
Memory Corruption Vulnerability in SAP NetWeaver
Impact On Business: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.
Affected Components Description: The SAP dispatcher service is part of SAP Kernel. Mandatory, it manages, gathers…
11/21/2021
Memory Corruption Vulnerability in SAP NetWeaver ABAP IGS Service
Impact On Business: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.
Affected Components Description: The SAP IGS is a widely-used, server-based engine for generating graphical and non-graphical…
11/21/2021
Memory Corruption Vulnerability in SAP NetWeaver Gateway Service
Impact On Business: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.
Affected Components Description: The SAP Gateway server is the component that manages the communication between the…
07/29/2019
SAP SDLREG Fixed Key for Encryption
06/14/2018
SAP SDLREG Fixed Key for Encryption
By exploiting this vulnerability an unauthenticated attacker could access and modify any information indexed by the SAP system.
