SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/18/2024
Arbitrary Redirect in Biller Direct 7.50
Impact On Business: Users of SAP Biller Direct could be targeted and redirected to a malicious site that steals their credentials or, in combination with other techniques, compromises their accounts. Affected Components Description: Tested on the following versions: SAP Biller Direct 7.0 (FSCM-BD). Vulnerability Details: SAP Biller Direct allows…
03/07/2024
Unauthenticated Information Disclosure in ObjectAnalyzer P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP system would be able to exfiltrate sensitive technical information that could be leveraged in later attacks. This vulnerability is part of a larger family of bugs named P4CHAINS. This group of bugs may cause…
02/01/2024
Unauthenticated Information Disclosure in CacheRegionAnalyzer P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP system would be able to exfiltrate sensitive technical information that could be leveraged in later attacks. This vulnerability is part of a larger family of bugs named P4CHAINS. This group of bugs may cause…
02/01/2024
Unauthenticated Information Disclosure in deploy P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP system would be able to exfiltrate sensitive technical information that could be leveraged in later attacks. This vulnerability is part of a larger family of bugs named P4CHAINS. This group of bugs may cause more serious consequences and expose systems to…
01/29/2024
Unauthenticated Information Disclosure in classload P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a Java-based SAP system would be able to exfiltrate sensitive technical information that could be leveraged in later attacks. This vulnerability is part of a larger family of bugs named P4CHAINS. This group of bugs may cause more serious consequences and expose systems to…
01/26/2022
SAP Enterprise Portal – Anonymous Stored Open Redirect
Impact On Business: This URL redirection vulnerability in SAP Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This gives the attacker the ability to compromise the confidentiality and integrity of the user's data. Affected Components Description: SAP Enterprise Portal is a web frontend component…
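Both redirect advisories listed here (the Biller Direct arbitrary redirect and the Enterprise Portal stored open redirect) describe the same class of flaw: a user-controlled URL is copied into a redirect without validation, so a phishing link on the trusted SAP host lands the victim on an attacker's site. The following Python is an added example and is not code from Onapsis, SAP, or either advisory; the host allowlist, the handler names and the sample targets are assumptions made for illustration. It places the flawed pattern beside an allowlist validator and exercises the usual bypasses (foreign absolute URLs, protocol-relative `//host`, backslash and triple-slash variants, `allowed@evil` userinfo, non-https schemes, and control characters).

```python
from urllib.parse import urlsplit

# Constructed allowlist of hosts this application may redirect to (assumption;
# a real deployment would read this from configuration, never from the request).
ALLOWED_HOSTS = {"billerdirect.example.com", "portal.example.com"}


def vulnerable_redirect_target(param: str) -> str:
    """The flawed pattern behind an open redirect: a 'returnUrl'-style request
    parameter is copied straight into the Location header.
    (Hypothetical handler, named for illustration.)"""
    return param


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only an absolute path on this site or an https URL whose hostname
    is on the allowlist. Everything else, including the known bypasses, is rejected."""
    if not target:
        return False
    # Reject control characters and whitespace: browsers strip some of them,
    # so 'java\tscript:' or a leading space can slip past naive prefix checks.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return False
    # Browsers treat a backslash as a forward slash in the authority section,
    # so '/\evil.example' is really '//evil.example' (protocol-relative).
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme:
        # Absolute URL: only https, and the parsed *hostname* (not the raw
        # netloc, which may carry 'allowed-host@evil' userinfo) must be allowed.
        return (parts.scheme.lower() == "https"
                and parts.hostname is not None
                and parts.hostname in allowed_hosts)
    if parts.netloc:
        # Scheme-less but with an authority: '//evil.example/...'
        return False
    # Relative target: must be a single-slash absolute path on this site.
    # '///evil.example' parses with an empty netloc but browsers still treat it
    # as protocol-relative, hence the explicit '//' prefix check.
    return candidate.startswith("/") and not candidate.startswith("//")


def safe_redirect_target(param: str, fallback: str = "/home") -> str:
    """Hardened counterpart: fall back to a fixed local page on any rejection."""
    return param if is_safe_redirect(param) else fallback


if __name__ == "__main__":
    # Constructed sample targets; the first and last are legitimate.
    for t in ["/account/overview", "//evil.example/", "/\\evil.example",
              "///evil.example/", "https://billerdirect.example.com@evil.example/",
              "javascript:alert(1)", "https://portal.example.com/irj/portal"]:
        print(f"{t!r:52} vulnerable -> {vulnerable_redirect_target(t)!r:52} "
              f"hardened -> {safe_redirect_target(t)!r}")
```

The validator is deliberately an allowlist on the parsed hostname rather than a denylist of prefixes such as `http://`: each of the rejected inputs above passes a "does not start with http" check yet lands the browser on `evil.example`.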
11/21/2021
Exposed Sensitive Information within SAP Enterprise Portal
Impact On Business: One HTTP endpoint of the portal exposes sensitive information that could be used by an attacker with administrator privileges, in conjunction with other attacks (e.g. XSS). Affected Components Description: SAP Enterprise Portal is a web frontend component for SAP NetWeaver. Affected components: EP-RUNTIME 7.10, EP-RUNTIME 7.11, EP-RUNTIME 7.20, EP-RUNTIME 7.30, EP-RUNTIME 7.31…
11/21/2021
Memory Corruption Vulnerability in SAP NetWeaver ABAP IGS Service
Impact On Business: An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over the network that triggers an internal error, crashing the system and rendering it unavailable. Affected Components Description: The SAP IGS (Internet Graphics Service) is a widely used, server-based engine for generating graphical and non-graphical…
04/13/2021
Denial of Service in SAP NetWeaver AS ABAP
Impact On Business: A remote attacker can block all work processes of an SAP system running on SAP NetWeaver AS ABAP. This has a very high negative impact on the availability of the system and its business applications. Vulnerability Details: The remote-enabled function module SPI_WAIT_MILLIS blocks a…
