SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

09/15/2025

Open Redirect in SAP HANA XSA UAA Server

Impact on Business: The open redirect vulnerability allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks. The phishers may then steal victims' credentials or other important data that can be used in other exploitation chains. This has limited impact on the confidentiality, integrity and availability of the…

08/28/2025

Arbitrary execution of RFC functions through SHDB_TOOLS_RFC_WRAPPER

Impact on Business: By exploiting this vulnerability a remote attacker could trick users into accessing specially crafted URL(s) that could trigger certain actions on the SAP System by triggering specific events. Vulnerability Details: Due to the unrestricted scope of the RFC function module (SHDB_TOOLS_RFC_WRAPPER), SAP BASIS – versions 731,…

08/28/2025

Arbitrary execution of RFC functions through SDF-CCM_AGS_CC_GET_OBJECTS

Impact on Business: This vulnerability allows an attacker to execute any function that exists in the system. If, for example, a function exists that can delete/overwrite files or execute operating system commands, the impact on the business could extend to a denial of service. Vulnerability Details…

08/26/2025

Arbitrary execution of RFC functions through SDF-CCM_AGS_CC_SIM_API_LOAD

Impact on Business: This vulnerability allows an attacker to execute any function that exists in the system. If, for example, a function exists that can delete/overwrite files or execute operating system commands, the impact on the business could extend to a denial of service. Vulnerability Details…

08/18/2025

XXE vulnerability in SAP NetWeaver AS Java – Guided Procedures

Impact on Business: Successful attacks impact the confidentiality of SAP NetWeaver AS Java and also allow the attacker to perform SSRF or retrieve files. Vulnerability Details: The servlet caf~eu~gp~model~iforms~eap in SAP NetWeaver AS Java resolves external entities while parsing the fromprocessor XML response. Attackers…

08/18/2025

Memory Corruption vulnerability in SAP CommonCryptoLib

Impact on Business: A manipulated data package with a corrupted SNC NAME ASN.1 structure can lead to a parser error and a crash of the application. Vulnerability Details: A memory corruption vulnerability exists in sec1_gss_import_name() in the libsapcrypto.so library. The function trusts the incoming size parameter for a specific option…

07/17/2025

Stored XSS in administration UI of SAP

Impact on Business: The impact depends on the victim's privileges, but access to SAP Web Dispatcher is generally granted to administrator users. In the worst case, a successful attack allows an attacker to force an administrator to perform actions on SAP Web Dispatcher, such as exfiltrating data, changing data or shutting down the Web Dispatcher…

09/27/2024

Arbitrary execution of RFC functions through CCM_AGS_CC_SIM_API_START

Impact on Business: This vulnerability allows an attacker to execute any function that exists in the system. If, for example, a function exists that can delete/overwrite files or execute operating system commands, the impact on the business could extend to a denial of service. Affected Components…

09/18/2024

Directory Traversal vulnerability in SAP NetWeaver (BI_CONT Add-On)

Impact on Business: An authenticated attacker with high privileges can leverage a directory traversal flaw to overwrite a file that is otherwise restricted. On successful exploitation, an attacker can compromise the availability and integrity of the system. Affected Components Description: SAP NetWeaver AS for ABAP and ABAP…
