SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.

08/16/2024

MS_ACL_INFO bypass under special conditions

Impact On Business: The Message Server is a central component of every SAP system. When certain conditions are met (listed in a further section), the ACL INFO stops working, and therefore any unauthenticated attacker can register new application servers (10Kblaze attack).

Affected Components Description: Every Message Server binary between SAP…

08/16/2024

Unauthenticated blind SSRF in SmdSapHostAgentBridge

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position.

Affected Components Description: Tested on following versions:…

08/13/2024

Unauthenticated blind SSRF in SAPGrmgClassicCollector

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position.

Affected Components Description: Tested on following versions:…

08/13/2024

Unauthenticated blind SSRF in SAPPingHTTPCollector

Impact On Business: An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager could force the Diagnostic Agent to perform arbitrary server-side requests. As a consequence, internal infrastructure could be affected by leveraging the network position.

Affected Components Description: Tested on following versions:…

04/15/2024

Unauthenticated JNDI Injection in RemoteObjectFactory P4 service

Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exploit a JNDI injection in order to turn on applications. As a consequence, further attacks could be executed by leveraging flaws or features in the…

04/05/2022

Denial of Service in SAP NetWeaver JAVA

Impact On Business: An attacker can use this vulnerability to cause a Denial of Service in SAP NetWeaver Java, making the HTTP server unavailable during attack execution.

Affected Components Description: One of the principal entry points in all SAP Application Server Java is the HTTP Web Server. As part of this service there are…

04/05/2022

HTTP Request Smuggling in SAP Web Dispatcher

Impact On Business: By injecting an HTTP request as a prefix into a victim’s request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as a prefix. It is also possible to inject a…

01/26/2022

Null Pointer Dereference vulnerability in SAP CommonCryptoLib

IMPACT ON BUSINESS: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system, causing the system to crash and rendering it unavailable.

AFFECTED COMPONENTS DESCRIPTION: The SAP Cryptographic Library manages digital signatures in SAP systems as well as…

01/26/2022

SAP Enterprise Portal – SSRF iviewCatcherEditor

IMPACT ON BUSINESS: Successful attacks can lead to various types of exploitation like CSRF, HTML injection, data exfiltration, depending on the victim’s privileges.

AFFECTED COMPONENTS DESCRIPTION: SAP Enterprise Portal is a web frontend component for SAP NetWeaver. Affected components: EP-RUNTIME 7.10 EP-RUNTIME 7.11 EP-RUNTIME 7.20 EP-RUNTIME 7.30 EP-RUNTIME 7.31 EP-RUNTIME 7.40 EP-RUNTIME 7.50 (Check SAP…
