SAP^® and Oracle^® Security Advisories

Impact On Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable. Affected Components Description The SAP IGS is a widely-used, server-based engine for generating graphical and non-graphical…

Impact On Business An unauthenticated attacker without specific knowledge of the system can send a specially crafted packet over a network which will trigger an internal error in the system causing the system to crash and rendering it unavailable. Affected Components Description The SAP dispatcher service is part of SAP Kernel. Mandatory, it manages, gathers…

Impact On Business One HTTP endpoint of the portal exposes sensitive information that could be used by an attacker with administrator privileges, in conjunction with other attacks (e.g. XSS). Affected Components Description SAP Enterprise Portal is a web frontend component for SAP Netweaver. Affected components: EP-RUNTIME 7.10 EP-RUNTIME 7.11 EP-RUNTIME 7.20 EP-RUNTIME 7.30 EP-RUNTIME 7.31…

Impact On Business Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service. Affected Components Description SAP Solution Manager 7.2 (Check SAP Note 2938650 for detailed information on affected releases) Vulnerability Details An open redirect vulnerability exists in the application E2E Trace…

Impact On Business Any authenticated user of the Solution Manager is able to craft/ upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality and Availability. Affected Components Description SAP SolMan 7.2 introduces a bunch of web services which run on top of the SAP Java NetWeaver stack. The affected versions have a…

Impact On Business By abusing a Code Injection in SAP MII, an authenticated user with SAP XMII Developer privileges could execute code (including OS commands) on the server. Thus, they would be able to do everything a SAP Administrator is able to do. Some possible actions are: Access to the SAP databases and read/modify/erase any…

Impact On Business An attacker can generate download-links sequentially targeting “impex” directory files. As a consequence, they will be able download most of these files, potentially disclosing critical Hybris information such as credentials. Affected Components Description SAP Hybris is an ecommerce platform that is used to address a family of products involving Customer Experience and…

Impact On Business SAP Hybris accelerator services module is vulnerable to server side request forgery, which means that an authenticated attacker is able to perform POST requests to any valid URL. Affected Components Description SAP Hybris is an ecommerce product platform that is used to address a family of products involving Customer Experience and Management….

Impact On Business The vulnerability can allow an attacker to inject OS commands and thus gain complete control of the host running the CA Introscope Enterprise Manager. That exploit can be started remotely and does not require authentication or any privileges. Affected Components Description CA Introscope Enterprise Manager is part of CA APM Introscope(R), an…