SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/10/2025
Denial of service (DOS) in SAP NetWeaver and ABAP platform
Denial of service (DOS) in SAP NetWeaver and ABAP platform! Impact on Business: A remote attacker can block all work processes of an SAP System running on SAP NetWeaver AS ABAP. This has a very high negative impact on the availability of the system and its business applications. Vulnerability Details: A certain remote-enabled function module, from /SDF/EWA…
09/10/2025
Missing Authorization Check in SAP Production and Revenue Accounting
Missing Authorization Check in SAP Production and Revenue Accounting. Impact on Business: Successful exploitation of the vulnerability gives the attacker useful information that can be used in espionage campaigns or in building different exploitation chains based on it. This has a high impact on the confidentiality of the system and its business applications. Vulnerability Details: A certain remote-enabled…
09/10/2025
Insufficient Authorization Checks on RFC Enabled Function Module F4_DXFILENAME_TOPRECURSION
Insufficient Authorization Checks on RFC Enabled Function Module F4_DXFILENAME_TOPRECURSION. Impact on Business: A remote attacker can read all filenames of arbitrary directories from the file system of the application server. This has a low impact on the confidentiality of the system and its business applications. Vulnerability Details: Remote-enabled function module F4_DXFILENAME_TOPRECURSION allows non-administrative authenticated users to read filenames…
09/02/2025
Denial of service in class CL_APC_WS_EXT_PERFORMANCE_TEST
Denial of service in class CL_APC_WS_EXT_PERFORMANCE_TEST. Impact on Business: By exploiting this vulnerability, an attacker, authenticated as a non-administrative user, has the ability to significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Vulnerability Details: An attacker, authenticated as a non-administrative user on…
09/02/2025
Denial of Service in CL_HTTP_EXT_ERROR
Denial of Service in CL_HTTP_EXT_ERROR. Impact on Business: By exploiting this vulnerability, an attacker, authenticated as a non-administrative user, has the ability to significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Vulnerability Details: The HTTP requests handler class CL_HTTP_EXT_ERROR allows non-administrative authenticated…
08/28/2025
Multiple denial of service vulnerabilities in CL_HTTP_EXT_ECHO handler
Multiple denial of service vulnerabilities in CL_HTTP_EXT_ECHO handler. Impact on Business: By exploiting any of these vulnerabilities, an attacker, authenticated as a non-administrative user, has the ability to significantly degrade the service quality experienced by legitimate users. These attacks introduce large response delays, excessive losses, and service interruptions, resulting in direct impact on availability. Vulnerability Details: The HTTP requests…
07/18/2025
SAP NetWeaver ABAP – EPS_OPEN_INPUT_FILE path traversal
SAP NetWeaver ABAP – EPS_OPEN_INPUT_FILE path traversal. Impact on Business: An attacker with high-level privileges can use a remote-enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. Affected Components Description: SAP NetWeaver Application Server for ABAP provides both the…
09/18/2024
Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform
Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform. Impact on Business: An authenticated attacker with low privileges can leverage a directory traversal flaw to overwrite a file which is otherwise restricted. On successful exploitation an attacker can compromise the availability and integrity of the system. Affected Components Description: SAP NetWeaver…
09/18/2024
Directory Traversal vulnerability in SAP NetWeaver (BI_CONT Add-On)
Directory Traversal vulnerability in SAP NetWeaver (BI_CONT Add-On). Impact on Business: An authenticated attacker with high privileges can leverage a directory traversal flaw to overwrite a file which is otherwise restricted. On successful exploitation an attacker can compromise the availability and integrity of the system. Affected Components Description: SAP NetWeaver AS for ABAP and ABAP…
