SAP^® and Oracle^® Security Advisories

IS-OIL – OS Command Injection FM OIB_QCI_SERVER Impact On Business Successful attack could allow an attacker to execute blind operating system command as SAP System Administrator user (sidadm). Lead to full compromise the SAP Netweaver System. Vulnerability Details An OS command injection vulnerability exists in FM OIB_QCI_SERVER, delivered by OIB_QCI package and provided by IS-OIL…

SAPStartSrv – Pre-auth buffer overflow Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as NT System or root users. If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could use it to execute arbitrary…

SAPStartSrv – Pre-auth OS Command injection as root or system Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as system administrator (root or SYSTEM) If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could…

Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform Impact On Business An authenticated attacker with low privileges can leverage a directory traversal flaw to overwrite a file which is otherwise restricted. On successful exploitation an attacker can compromise the availability and integrity of the system. Affected Components Description SAP NetWeaver…

SAP MII Remote Code Execution Due to Unrestricted File Upload Impact On Business An attacker that successfully exploits this vulnerability can execute OS Commands as adm user Affected Components Description Tested on following versions: SAP Java 7.40 with SAP MII 15.3 Vulnerability Details SAP MII (Manufacturing Integration and Intelligence) has a platform called “Self Service…

Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a SAP Solution Manager java-based instance, could be able to execute OS commands and potentially compromise the targeted system Affected Components Description Tested on following versions: Java Kernel versions: 7.50.3301.472568.20220902101413 7.50.3301.467525.20210601093523 7.50.3301.407179.20200416085516   SERVERCORE/CORE-TOOLS/J2EE-FRMW components…

Unauthenticated RCE in EventLogServiceCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager running on Windows OS, could execute arbitrary commands. As a consequence, despite having the possibility to fully compromise the targeted system, an attacker could leverage the network position to keep pivoting…

Impact On Business An unauthenticated attacker with access to the HTTP(s) port of a SAP Enterprise Portal, would be able to turn on deployed applications. As a consequence, stopped applications may be turned on which could lead to further severe consequences. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs…

Unauthenticated read of OS files and DoS in locking P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to read any OS file and/or make the system completely hang by asking applications locks. As a consequence, the system’s availability could be totally…