SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
07/17/2025
Server-Side Request Forgery in SAP NetWeaver, ABAP Platform and SAP Host Agent
Impact On Business: A successful attack can lead to discovering internal SAP open port information that normally is not reachable.
Affected Components Description: SAP NetWeaver Application Server for ABAP provides both the runtime environment and the development environment for all ABAP programs. The…
07/17/2025
SAP Host Agent – Credential Exposure Through Log Files
Impact On Business: By exploiting this vulnerability, a malicious low-privileged user can retrieve the SDA credential (sapadm) as well as a few technical SAP NetWeaver credentials (like FRN_DPC_SID or FRN_CSA_SID), then use them to log in to SAP NetWeaver or the SDA and perform malicious or sensitive…
09/27/2024
Reflected Cross Site Scripting in CRM_BSP_FRAME class
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: SAP_ABA 700 SP 07-40 SAP_ABA 701…
09/20/2024
Reflected Cross Site Scripting in CL_HTTP_EXT_SERVICE_POST_DEMO class
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: SAP_ABA 700 SP 07-40 SAP_ABA 701…
09/20/2024
Reflected Cross Site Scripting in PING_PONG demo app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: SAP_BASIS 740 SP 09-28 SAP_BASIS…
09/19/2024
Reflected Cross Site Scripting in COVER_BY_BSP app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: This vulnerability affects ST 720 SP…
09/18/2024
Reflected Cross Site Scripting in SESSION_HTML app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: This vulnerability affects ST 720 SP…
09/18/2024
Multiple Reflected Cross Site Scripting vulnerabilities in SBSPEXT_PHTMLB package
Impact On Business: By exploiting any of these vulnerabilities, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal user sessions or other information.
Affected Components Description: SAP_BASIS 700 SP…
09/18/2024
Reflected Cross Site Scripting in WBA_SESS_REPORT app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, could potentially steal their user sessions or other information.
Affected Components Description: This vulnerability affects ST 720 SP…
