SAP^® and Oracle^® Security Advisories

Impact On Business Any authenticated user of the Solution Manager is able to craft/ upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality and Availability. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on top of the SAP Java NetWeaver stack. The affected versions have a…

Impact On Business Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service. Affected Components Description SAP Solution Manager 7.2 (Check SAP Note 2938650 for detailed information on affected releases) Vulnerability Details An open redirect vulnerability exists in the application E2E Trace…

Denial of Service in SAP NetWeaver AS ABAP Impact on Business A remote attacker can block all work processes of an SAP System running on SAP NetWeaver AS ABAP. This has a very high negative impact on the availability of the system and its business applications. Vulnerability Details The remote-enabled function module SPI_WAIT_MILLIS blocks a…

Impact On Business A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA Netweaver allowing them to execute commands in the underlying operating system. Affected Components Description SAP NetWeaver JAVA is a foundational layer which is used by several SAP products, such as: SAP Enterprise portal SAP Solution Manager SAP PI/PO…

Impact On Business A malicious authenticated attacker, with privileges of SAP SMD Agent access, could abuse some SAP Host Control functions’ lack of sanitization, in order to escalate its privileges and execute commands as root/system user. Affected Components Description The SAP Host Agent is an agent which allows controlling and monitoring SAP and non-SAP instances….

Impact On Business A malicious unauthenticated user could abuse the lack of authentication check on a particular web service exposed by default in SAP Netweaver JAVA stack, allowing them to fully compromise the targeted system. Affected Components Description LM CONFIGURATION WIZARD is a part of SAP NetWeaver JAVA which is a foundational layer used by…

Impact On Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on…

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits:

Please fill in the following form in order to download the selected Onapsis’ resource. The system will send you a download link to your email. By registering, you will obtain the following benefits: