SAP^® and Oracle^® Security Advisories

IS-OIL – OS Command Injection FM OIB_QCI_SERVER Impact On Business Successful attack could allow an attacker to execute blind operating system command as SAP System Administrator user (sidadm). Lead to full compromise the SAP Netweaver System. Vulnerability Details An OS command injection vulnerability exists in FM OIB_QCI_SERVER, delivered by OIB_QCI package and provided by IS-OIL…

Memory Corruption vulnerability in SAP CommonCryptoLib Impact On Business A manipulated data package with a corrupted SNC NAME ASN.1 structure can lead to a parser error and a crash of the application. Vulnerability Details A memory corruption vulnerability exists for sec1_gss_import_name() in libsapcrypto.so library. The function trusts the incoming size parameter for a specific option….

SAP Netweaver JAVA – Log viewer injection Impact On Business An unauthenticated attacker can use the login form to create additional information entries in SAP Log Viewer leading to obscure actions, complicate the log analysis as well as could break some automated log analyser tools. Vulnerability Details It is possible to inject “NewLine” characters in…

SAP Portal – Authenticated XXE in SystemFromParConverter Impact On Business Successful attacks impact the confidentiality of the SAP Portal. Vulnerability Details The web service com.sap.portal.ivs.systemlandscapeservice.SystemFromParConverter in SAP Portal resolving external entities during the parsing of the PAR file. Attackers could reference http requests or file access by new entities, making the parser load the result…

SAPStartSrv – Pre-auth buffer overflow Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as NT System or root users. If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could use it to execute arbitrary…

SAPStartSrv – Pre-auth OS Command injection as root or system Impact On Business If parameter service/localconnection = compat : Remotely, an unauthenticated attacker could use it to execute arbitrary commands on the OS side as system administrator (root or SYSTEM) If parameter service/localconnection is not set : Locally, an authenticated attacker with low privileges could…

Cross-Site Scripting XSS vulnerability in SAP NetWeaver AS ABAP Impact On Business Impact depends on the victim’s privileges. In worst cases, a successful attack allows an attacker to hijack a session, or force the victim to perform undesired requests in the SAP system. Affected Components Description The SAP Host Agent can accomplish several life-cycle tasks…

SAP Host Agent – SAPOscol Namespace – Missing authentication Impact On Business Successful attacks lead to information disclosure as well as extend the scope for an attacker. Affected Components Description The SAP Host Agent can accomplish several life-cycle tasks like : operating system monitoring, database monitoring, system instance control or upgrade preparation. Installed automatically during…

SAP Netweaver ABAP – EPS_OPEN_INPUT_FILE path traversal Impact On Business An attacker with high level privileges can use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. Affected Components Description SAP NetWeaver Application Server for ABAP provides both the…