SAP^® and Oracle^® Security Advisories

XXE vulnerability in SAP NetWeaver AS Java – Guided Procedures Impact On Business Successful attacks impact the confidentiality of the SAP Netweaver JAVA as well as being able to perform SSRF or retrieve files. Vulnerability Details The servlet caf~eu~gp~model~iforms~eap in SAP Netweaver JAVA, resolving external entities during the parsing of the fromprocessor XML response. Attackers…

SAP Netweaver JAVA – Log viewer injection Impact On Business An unauthenticated attacker can use the login form to create additional information entries in SAP Log Viewer leading to obscure actions, complicate the log analysis as well as could break some automated log analyser tools. Vulnerability Details It is possible to inject “NewLine” characters in…

Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a SAP Solution Manager java-based instance, could be able to execute OS commands and potentially compromise the targeted system Affected Components Description Tested on following versions: Java Kernel versions: 7.50.3301.472568.20220902101413 7.50.3301.467525.20210601093523 7.50.3301.407179.20200416085516   SERVERCORE/CORE-TOOLS/J2EE-FRMW components…

Unauthenticated blind SSRF in SmdSapHostAgentBridge Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated blind SSRF in SAPGrmgClassicCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated blind SSRF in SAPPingHTTPCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated RCE in EventLogServiceCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager running on Windows OS, could execute arbitrary commands. As a consequence, despite having the possibility to fully compromise the targeted system, an attacker could leverage the network position to keep pivoting…

Unauthenticated JNDI Injection in RemoteObjectFactory P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to exploita JNDI injection in order to be able to turn on applications. As a consequence, further attacks could be executed by leveraging flaws or features in the…

Unauthenticated Information Disclosure in ObjectAnalyzer P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…