SAP^® and Oracle^® Security Advisories

MS_ACL_INFO bypass under special conditions Impact On Business The Message Server is a central component of every SAP system. When, certain conditions are met (listed in a further section) the ACL INFO stops working and therefore any unauthenticated attacker can register new application servers (10Kblaze attack). Affected Components Description Every Message Server binary between SAP…

Unauthenticated potential RCE in FM_GPCR_OS_COMMAND P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a SAP Solution Manager java-based instance, could be able to execute OS commands and potentially compromise the targeted system Affected Components Description Tested on following versions: Java Kernel versions: 7.50.3301.472568.20220902101413 7.50.3301.467525.20210601093523 7.50.3301.407179.20200416085516   SERVERCORE/CORE-TOOLS/J2EE-FRMW components…

Unauthenticated blind SSRF in SmdSapHostAgentBridge Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated blind SSRF in SAPGrmgClassicCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated blind SSRF in SAPPingHTTPCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager, could force the Diagnostic Agent to perform arbitrary server side requests. As a consequence, internal infrastructure could be affected leveraging the network position. Affected Components Description Tested on following versions:…

Unauthenticated RCE in EventLogServiceCollector Impact On Business An anonymous attacker with access to the P4 port of the Java instance of a Solution Manager running on Windows OS, could execute arbitrary commands. As a consequence, despite having the possibility to fully compromise the targeted system, an attacker could leverage the network position to keep pivoting…

Unauthenticated JNDI Injection in RemoteObjectFactory P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to exploita JNDI injection in order to be able to turn on applications. As a consequence, further attacks could be executed by leveraging flaws or features in the…

Unauthenticated Information Disclosure in ObjectAnalyzer P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…

Unauthenticated Information Disclosure in CacheRegionAnalyzer P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to exfiltrate sensitive technical information that could be leveraged for future attacks. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs may cause…