Security Advisories

The Onapsis Research Labs delivers regular SAP® and Oracle® vulnerability research to our ecosystem of customers, partners and the information security industry.

Onapsis security advisories enable customers to better understand the security and business implications of discovered SAP and Oracle security issues. This enables organizations to prioritize patches, updates and their remediation strategies to ensure continuity of the business. Onapsis security advisories, together with vendor patches and security notes, are available for download to provide vendors and end-users with the necessary information to mitigate advanced threats to mission-critical applications running on SAP and Oracle.

Low 06/14/2021 SAP Solution Manager

SAP Solution Manager Open Redirect from Trace Analysis

Impact On Business

Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service.

 

Affected Components Description

SAP Solution Manager 7.2

(Check SAP Note 2938650 for detailed information on affected releases)

 

Vulnerability Details

An open redirect vulnerability exists in the application E2E Trace Analysis in SAP Solution Manager 7.2. The servlet `/E2eTraceGatewayW/E2eTraceServlet` uses current user information to gather logs content stored in the backend server. The attacker can enter a link to a malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.

 

Solution

SAP has released SAP Note 2938650 which provides patched versions of the affected components.

The patches can be downloaded from: https://launchpad.support.sap.com/#/notes/2938650

Onapsis strongly recommends SAP customers to download the related security fixes and apply them to the affected components in order to reduce business risks.

 

Report Timeline

  • 04/30/2020 - Onapsis provides details to SAP
  • 04/30/2020 - SAP Provides ID: SR-20-00204
  • 05/11/2020 - SAP provides update: "Vulnerability in progress"
  • 10/12/2020 - SAP provides update: "Fix in progress"
  • 12/08/2020 - SAP releases SAP Note fixing the issue. Vulnerability is now closed

 

References

ADVISORY INFORMATION

  • Public Release Date: 06/14/2021
  • Security Advisory ID: ONAPSIS-2021-005
  • Vulnerability Submission ID: 857
  • Researcher(s): Yvan Genuer

 

VULNERABILITY INFORMATION

  • Vendor: SAP
  • Vulnerability Class: |LS|CWE-601|RS| URL Redirection to Untrusted Site
  • CVSS v3 score: 3.4 (AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N)
  • Severity: Low
  • CVE: CVE-2020-26836
  • Vendor patch Information: SAP Security Note #2938650

 

ABOUT OUR RESEARCH LABS

Onapsis Research Labs provides the industry analysis of key security issues that impact mission-critical systems and applications.

Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

Find all reported vulnerabilities at https://github.com/Onapsis/vulnerability_advisories

 

LICENSE

This advisory is licensed under a Creative Commons 4.0 BY-ND International License