SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/18/2024
Multiple Reflected Cross Site Scripting vulnerabilities in SBSPEXT_PHTMLB package
Impact On Business: By exploiting any of these vulnerabilities, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, the attacker could potentially steal user sessions or other information. Affected Components Description: SAP_BASIS 700 SP…
09/18/2024
Reflected Cross Site Scripting in WBA_SESS_REPORT app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, the attacker could potentially steal their user sessions or other information. Affected Components Description: This vulnerability affects ST 720 SP…
09/18/2024
Arbitrary Redirect in Biller Direct 7.50
Impact On Business: The users of SAP Biller Direct could be targeted and redirected to a malicious site, potentially stealing their credentials or compromising their accounts through the combination of other techniques. Affected Components Description: Tested on the following versions: SAP Biller Direct 7.0 (FSCM-BD). Vulnerability Details: SAP Biller Direct allows…
03/07/2024
Unauthenticated Information Disclosure in ObjectAnalyzer P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…
02/01/2024
Unauthenticated Information Disclosure in CacheRegionAnalyzer P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…
02/01/2024
Unauthenticated Information Disclosure in deploy P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause more serious consequences and expose systems to…
01/29/2024
Unauthenticated Information Disclosure in classload P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP solution would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause more serious consequences and expose systems to…
01/26/2022
SAP Enterprise Portal – Anonymous Stored Open Redirect
Impact On Business: This URL Redirection vulnerability in SAP Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This gives the attacker the ability to compromise the user’s confidentiality and integrity. Affected Components Description: SAP Enterprise Portal is a web frontend component…
11/21/2021
Exposed Sensitive Information within SAP Enterprise Portal
Impact On Business: One HTTP endpoint of the portal exposes sensitive information that could be used by an attacker with administrator privileges, in conjunction with other attacks (e.g. XSS). Affected Components Description: SAP Enterprise Portal is a web frontend component for SAP NetWeaver. Affected components: EP-RUNTIME 7.10, EP-RUNTIME 7.11, EP-RUNTIME 7.20, EP-RUNTIME 7.30, EP-RUNTIME 7.31…
