SAP® and Oracle® Security Advisories

Onapsis Research Labs is the world’s leading team of security experts who combine their deep knowledge of critical ERP applications and decades of threat research experience to deliver impactful security insights and threat intelligence focused on the business-critical applications from SAP, Oracle, and SaaS providers. Onapsis Research Labs is, far and away, the most prolific and most celebrated contributor of vulnerability research by the SAP Product Security Response Team. No other research team comes close.
09/18/2024
Reflected Cross Site Scripting in SESSION_HTML app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, potentially steal their user sessions or other information. Affected Components / Description: This vulnerability affects ST 720 SP…
09/18/2024
Directory Traversal in SAP NetWeaver Application Server (AS) for ABAP and ABAP Platform
Impact On Business: An authenticated attacker with low privileges can leverage a directory traversal flaw to overwrite a file which is otherwise restricted. On successful exploitation an attacker can compromise the availability and integrity of the system. Affected Components / Description: SAP NetWeaver…
09/18/2024
Directory Traversal vulnerability in SAP NetWeaver (BI_CONT Add-On)
Impact On Business: An authenticated attacker with high privileges can leverage a directory traversal flaw to overwrite a file which is otherwise restricted. On successful exploitation an attacker can compromise the availability and integrity of the system. Affected Components / Description: SAP NetWeaver AS for ABAP and ABAP…
09/18/2024
Multiple Reflected Cross Site Scripting vulnerabilities in SBSPEXT_PHTMLB package
Impact On Business: By exploiting any of these vulnerabilities, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, potentially steal user sessions or other information. Affected Components / Description: SAP_BASIS 700 SP…
09/18/2024
Reflected Cross Site Scripting in WBA_SESS_REPORT app
Impact On Business: By exploiting this vulnerability, a remote attacker could trick users into clicking malicious links and, depending on the level of protection that the browser provides, potentially steal their user sessions or other information. Affected Components / Description: This vulnerability affects ST 720 SP…
09/18/2024
SAP MII Remote Code Execution Due to Unrestricted File Upload
Impact On Business: An attacker that successfully exploits this vulnerability can execute OS commands as the adm user. Affected Components / Description: Tested on the following versions: SAP Java 7.40 with SAP MII 15.3. Vulnerability Details: SAP MII (Manufacturing Integration and Intelligence) has a platform called “Self Service…
09/18/2024
Arbitrary Redirect in Biller Direct 7.50
Impact On Business: The users of SAP Biller Direct could be targeted and redirected to a malicious site, potentially stealing their credentials or compromising their accounts in combination with other techniques. Affected Components / Description: Tested on the following versions: SAP Biller Direct 7.0 (FSCM-BD). Vulnerability Details: SAP Biller Direct allows…
08/16/2024
MS_ACL_INFO bypass under special conditions
Impact On Business: The Message Server is a central component of every SAP system. When certain conditions are met (listed in a further section), the ACL INFO stops working and therefore any unauthenticated attacker can register new application servers (10Kblaze attack). Affected Components / Description: Every Message Server binary between SAP…
08/16/2024
Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service
Impact On Business: An unauthenticated attacker with access to the P4 port of a SAP Solution Manager Java-based instance could execute OS commands and potentially compromise the targeted system. Affected Components / Description: Tested on the following versions: Java Kernel versions 7.50.3301.472568.20220902101413, 7.50.3301.467525.20210601093523, 7.50.3301.407179.20200416085516; SERVERCORE/CORE-TOOLS/J2EE-FRMW components…
