SAP^® and Oracle^® Security Advisories

SAP BEx -Denial of Service and Arbitrary Favorites Modification/Deletion Impact on Business An authenticated attacker can cause a denial-of-service condition for other users, preventing them from accessing the system via the SAP GUI. Additionally, the attacker can modify or delete user-specific favorite nodes, leading to operational disruption and loss of convenience features for the affected…

Denial of Service and Arbitrary Favorites Modification/Deletion Impact on Business An authenticated attacker can cause a denial-of-service condition for other users, preventing them from accessing the system via the SAP GUI. Additionally, the attacker can modify or delete user-specific favorite nodes, leading to operational disruption and loss of convenience features for the affected business users….

Open Redirect in SAP HANA XSA UAA Server Impact on Business The open redirect vulnerability allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks. The phishers may then steal victim’s credentials or other important data that can be used in other exploitation chains. This has limited impact on the confidentiality, integrity and availability of the…

Denial of service (DOS) in SAP NetWeaver and ABAP platform! Impact on Business A remote attacker can block all work processes of an SAP System running on SAP NetWeaver AS ABAP. This has a very high negative impact on the availability of the system and its business  applications. Vulnerability Details A certain remote-enabled function module, from /SDF/EWA…

Missing Authorization Check in SAP Production and Revenue Accounting Impact on Business Successful exploitation of the vulnerability gives the attacker useful information that can be used in espionage campaigns or in building different exploitation chains based on it. This has a high impact on the confidentiality of the system and its business applications. Vulnerability Details A certain remote-enabled…

Insufficient Authorization Checks on RFC Enabled Function Module F4_DXFILENAME_TOPRECURSION Impact on Business A remote attacker can read all filenames of arbitrary directories from the file system of the application server. This has a low impact on the confidentiality of the system and its business applications. Vulnerability Details Remote-enabled function module F4_DXFILENAME_TOPRECURSION allows non-administrative authenticated users to read filenames…

Denial of service in ckass CL_APC_WS_EXT_PERFORMANCE_TEST Impact on Business By exploiting this vulnerability, an attacker, authenticated as a non-administrative user, has the ability to significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Vulnerability Details An attacker, authenticated as non-administrative user on…

Denial of Service in CL_HTTP_EXT_ERROR Impact on Business By exploiting this vulnerability, an attacker, authenticated as a non-administrative user, has the ability to significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Vulnerability Details The HTTP requests handler class CL_HTTP_EXT_ERROR allows non-administrative authenticated…

Reflected Cross Site Scripting in “bsp_vhelp” BSP Application Impact on Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Vulnerability Details Due to insufficient input sanitization, SAP…