Security Advisories

Onapsis Research Labs regularly publish research reports on the latest SAP® and Oracle® vulnerabilities and make them available to our ecosystem of customers, partners and IT security vendors.

Our Security Advisories help customers better assess the security and business risks posed by the latest vulnerabilities in SAP® and Oracle® applications. They can use them to decide the order in which patches, updates and remediation measures should be applied to safeguard business continuity. The Onapsis Security Advisories, including vendor patches and security notes, are available for download. This provides vendors and end users with the information they need to reduce the growing threats to business-critical SAP® and Oracle® applications.

Severity: Low | Published: 06/14/2021 | Product: SAP Solution Manager

SAP Solution Manager Open Redirect from Trace Analysis

Impact On Business

Under certain circumstances, an attacker might be able to steal a cookie from the application, which may impact the confidentiality of the service.

Affected Components Description

SAP Solution Manager 7.2

(Check SAP Note 2938650 for detailed information on affected releases)

Vulnerability Details

An open redirect vulnerability exists in the E2E Trace Analysis application of SAP Solution Manager 7.2. The servlet `/E2eTraceGatewayW/E2eTraceServlet` uses the current user's information to gather log content stored on the backend server. An attacker can supply a link to a malicious site (one that tricks the user into entering credentials or downloading malicious software) as a parameter in the application URL and share it with an end user, who could then become a victim of the attack.
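As a defender-side illustration of the CWE-601 class described above, the following Python is an added example and not code from SAP or Onapsis: it contrasts the naive "starts with a slash" check with a validator that keeps the redirect on the application's own host. The parameter name `target`, the host `solman.example.corp` and the function names are assumptions made for this illustration.

```python
# Added example (not SAP's or Onapsis' code): validating a redirect target so
# that a servlet like /E2eTraceGatewayW/E2eTraceServlet cannot be used as an
# open redirect (CWE-601). The parameter name "target" and the application
# host "solman.example.corp" are assumptions made for this illustration.
from urllib.parse import urlsplit

APP_HOST = "solman.example.corp"   # assumed hostname of the SAP application


def naive_is_local(target: str) -> bool:
    """The check many applications ship with: 'starts with a slash, so it
    stays local'. It accepts protocol-relative targets such as
    //evil.example, which browsers resolve to a different host."""
    return target.startswith("/")


def safe_redirect_target(target: str, app_host: str = APP_HOST,
                         fallback: str = "/") -> str:
    """Return `target` only if the browser will stay on `app_host`;
    otherwise return the application's own landing page."""
    if not target:
        return fallback
    candidate = target.strip()          # browsers trim leading/trailing space
    if any(ch in candidate for ch in "\t\r\n\x00"):
        return fallback                 # browsers drop tab/newline, so reject
    candidate = candidate.replace("\\", "/")   # "/\evil" is parsed as "//evil"
    if candidate.startswith("//"):
        return fallback                 # two or more slashes = an authority
    try:
        parts = urlsplit(candidate)
    except ValueError:                  # e.g. malformed IPv6 literal
        return fallback
    if parts.scheme or parts.netloc:
        # Absolute URL: same host only, over HTTPS, and no userinfo tricks
        # such as https://solman.example.corp@evil.example/.
        if (parts.scheme.lower() != "https" or "@" in parts.netloc
                or (parts.hostname or "").lower() != app_host.lower()):
            return fallback
        return candidate
    return candidate if candidate.startswith("/") else fallback


if __name__ == "__main__":
    for t in ["/sap/bc/ui", "//evil.example/", "/\\evil.example",
              "https://evil.example/login", f"https://{APP_HOST}/sap/x"]:
        print(f"{t!r:36} naive={naive_is_local(t)!s:5} "
              f"hardened={safe_redirect_target(t)!r}")
```

Running the block shows that the naive check passes the protocol-relative and backslash forms, while the hardened validator sends all off-host targets to the fallback page.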

Solution

SAP has released SAP Note 2938650 which provides patched versions of the affected components.

The patches can be downloaded from: https://launchpad.support.sap.com/#/notes/2938650

Onapsis strongly recommends that SAP customers download the related security fixes and apply them to the affected components in order to reduce business risk.

Report Timeline

  • 04/30/2020 - Onapsis provides details to SAP
  • 04/30/2020 - SAP provides ID: SR-20-00204
  • 05/11/2020 - SAP provides update: "Vulnerability in progress"
  • 10/12/2020 - SAP provides update: "Fix in progress"
  • 12/08/2020 - SAP releases SAP Note fixing the issue. Vulnerability is now closed

References

ADVISORY INFORMATION

  • Public Release Date: 06/14/2021
  • Security Advisory ID: ONAPSIS-2021-005
  • Vulnerability Submission ID: 857
  • Researcher(s): Yvan Genuer

VULNERABILITY INFORMATION

  • Vendor: SAP
  • Vulnerability Class: [CWE-601] URL Redirection to Untrusted Site
  • CVSS v3 score: 3.4 (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
  • Severity: Low
  • CVE: CVE-2020-26836
  • Vendor patch Information: SAP Security Note #2938650

ABOUT OUR RESEARCH LABS

Onapsis Research Labs provides industry analysis of key security issues that impact mission-critical systems and applications.

Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combines in-depth knowledge and experience to deliver technical and business context with sound security judgment to the broader information security community.

Find all reported vulnerabilities at https://github.com/Onapsis/vulnerability_advisories

LICENSE

This advisory is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International (CC BY-ND 4.0) License.