SAP^® and Oracle^® Security Advisories

IMPACT ON BUSINESS Impact depends on the victim’s privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or shutdown the Portal. AFFECTED COMPONENTS DESCRIPTION SAP Enterprise Portal is a web frontend component for SAP Netweaver. Affected components: EP-RUNTIME 7.30 EP-RUNTIME…

IMPACT ON BUSINESS Impact depends on the victim’s privileges. In the worst case, a successful attack allows an attacker to hijack an administrator session and perform actions like exfiltrate data, change data or shutdown the Portal. AFFECTED COMPONENTS DESCRIPTION SAP Enterprise Portal is a web frontend component for SAP Netweaver. Affected components: EP-RUNTIME 7.10 EP-RUNTIME…

Impact On Business A high-privileged SAP JAVA NetWeaver user is able to abuse an XXE vulnerability with the goal of reading files from the OS (compromising confidentiality) and/or making system processes crash (compromising availability). Affected Components Description The ESP framework is a framework used inside SAP JAVA NetWeaver. Due to being part of this foundational…

Impact On Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable. Affected Components Description The SAP dispatcher service is part of SAP Kernel. Mandatory, it manages, gathers…

Impact On Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable. Affected Components Description The SAP Gateway server is the component that manages the communication between the…

Impact On Business SAP Hybris accelerator services module is vulnerable to server side request forgery, which means that an authenticated attacker is able to perform POST requests to any valid URL. Affected Components Description SAP Hybris is an ecommerce product platform that is used to address a family of products involving Customer Experience and Management….

Impact On Business An attacker can generate download-links sequentially targeting “impex” directory files. As a consequence, they will be able download most of these files, potentially disclosing critical Hybris information such as credentials. Affected Components Description SAP Hybris is an ecommerce platform that is used to address a family of products involving Customer Experience and…

Impact On Business Any authenticated user of the Solution Manager is able to craft/ upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality and Availability. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on top of the SAP Java NetWeaver stack. The affected versions have a…

Impact On Business Any authenticated user of the Solution Manager is able to either perform a Denial of Service or read sensitive information from every SMD Agent connected to the targeted SolMan. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on top of the SAP Java NetWeaver stack. The…