SAP^® and Oracle^® Security Advisories

Arbitrary execution of RFC functions through SDF-CCM_AGS_CC_GET_OBJECTS Impact on Business This vulnerability allows an attacker to execute any function that exists in the system, therefore if there is, for example, a function that can delete/overwrite files or execute operating system commands, this could be affected from the business to a denial of service. Vulnerability Details…

Arbitrary execution of RFC functions through SDF-CCM_AGS_CC_SIM_API_LOAD Impact on Business This vulnerability allows an attacker to execute any function that exists in the system, therefore if there is, for example, a function that can delete/overwrite files or execute operating system commands, this could be affected from the business to a denial of service. Vulnerability Details…

Arbitrary execution of RFC functions through CCM_AGS_CC_SIM_API_START Impact On Business This vulnerability allows an attacker to execute any function that exists in the system, therefore if there is, for example, a function that can delete/overwrite files or execute operating system commands, this could be affected from the business to a denial of service. Affected Components…

Reflected Cross Site Scripting in CRM_BSP_FRAME class Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description SAP_ABA 700 SP 07-40 SAP_ABA 701…

Reflected Cross Site Scripting in CL_HTTP_EXT_SERVICE_POST_DEMO class Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description SAP_ABA 700 SP 07-40 SAP_ABA 701…

Reflected Cross Site Scripting in PING_PONG demo app Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description SAP_BASIS 740 SP 09-28 SAP_BASIS…

Reflected Cross Site Scripting in COVER_BY_BSP app Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description This vulnerability affects ST 720 SP…

Reflected Cross Site Scripting in SESSION_HTML app Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description This vulnerability affects ST 720 SP…

Reflected Cross Site Scripting in WBA_SESS_REPORT app Impact On Business By exploiting this vulnerability a remote attacker could trick users into clicking malicious links and depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description This vulnerability affects ST 720 SP…