SAP^® and Oracle^® Security Advisories

Impact On Business An unauthenticated attacker with access to the HTTP(s) port of a SAP Enterprise Portal, would be able to turn on deployed applications. As a consequence, stopped applications may be turned on which could lead to further severe consequences. This vulnerability is part of a bigger family named P4CHAINS. This group of bugs…

Unauthenticated read of OS files and DoS in locking P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to read any OS file and/or make the system completely hang by asking applications locks. As a consequence, the system’s availability could be totally…

HTTP Request Smuggling in SAP Web Dispatcher Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to read stored credential in plain text, execute RFC function implemented by the targeted system or even create, modify or delete stored connections. As a consequence, the system…

Unauthenticated SQL Injection and DoS in SeachFacade P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to read any table from the database, modify sensitive information and/or cause a Denial of Service against the targeted system. As a consequence, sensitive information could be…

Unauthenticated SQL Injection and DoS in JobBean P4 service Impact On Business An unauthenticated attacker with access to the P4 port of a java-based SAP solution, would be able to read any table from the database, modify sensitive information and/or cause a Denial of Service against the targeted system. As a consequence, sensitive information could be…

Impact On Business This vulnerability can be used by an attacker to make a Denial of Service to SAP Netweaver Java, making HTTP server unavailable during attack execution. Affected Components Description One of the principal entry points in all SAP Application Server Java is the HTTP Web Server. As part of this service there are…

HTTP Request Smuggling in SAP Web Dispatcher Impact On Business By injecting an HTTP request as a prefix into a victim’s request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as a prefix. It is also possible to inject a…

IMPACT ON BUSINESS An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable. AFFECTED COMPONENTS DESCRIPTION The SAP Cryptographic Library manages digital signatures in SAP systems as well as…

IMPACT ON BUSINESS This URL Redirection vulnerability in SAP Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This gives  the attacker the ability to compromise the user’s confidentiality and integrity. AFFECTED COMPONENTS DESCRIPTION SAP Enterprise Portal is a web frontend component…