Next Page >>
SAP NetWeaver
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
SAP Netweaver Dispatcher Multiple Vulnerabilities
1. *Advisory Information*
Title: SAP Netweaver Dispatcher Multiple Vulnerabilities
Advisory ID: CORE-2012-0123
[DSECRG-11-041] SAP NetWeaver - Authentication bypass (Verb Tampering)
Authentication bypass vulnerability in SAP NetWeaver CTC service can be exploited for unauthorized user management and OS command execution.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: Auth bypass, Verb tampering
Reported: 14.03.2011
[DSECRG-11-010] SAP NetWeaver logon.html - XSS
SAP NetWeaver BSP logon page has linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-010 (Internal DSecRG-00127)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver SAP_BASIS 620-730
Vendor URL: http://www.sap.com
Bugs: XSS
[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS
SAP NetWeaver Integration Directory has linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-013 (Internal DSecRG-00163)
Application: SAP NetWeaver Runtime
Versions Affected: SAP NetWeaver Runtime
Vendor URL: http://www.sap.com
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
SAP NetWeaver Integration Directory has multiple linked XSS vulnerabilities.
Digital Security Research Group [DSecRG] Advisory DSecRG-11-012 ( Internal DSecRG-00159)
Application: SAP NetWeaver XI
Versions Affected: SAP NetWeaver XI
Vendor URL: http://www.sap.com
[DSECRG-11-009] SAP NetWaver XI SOAP Adapter - XSS
SAP NetWeaver 7.0 application XI SOAP Adapter has linked XSS vulnerability
Digital Security Research Group [DSecRG] Advisory DSecRG-11-009 (Internal DSecRG-00120)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver XI SOAP Adapter 3.0-7.11
Vendor URL: http://www.sap.com
Bugs: XSS
SAP NetWeaver JavaMailExamples has linked XSS vulnerability.
Digital Security Research Group [DSecRG] Advisory (Internal DSecRG-00135)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver JavaMailExamples
Vendor URL: http://www.SAP.com
Bugs: XSS
Exploits: YES
[DSECRG-11-036] SAP NetWaver Virus Scan Interface - multiple XSS
SAP Netweaver Virus Scan Interface has linked XSS vulnerabilities.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: XSS
Reported: 01.04.2010
Vendor response: 08.04.2010
[DSECRG-11-034] SAP NetWeaver J2EE MeSync – information disclose
Attacker can get information about mobile engine version and sometimes the name of the technical user.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver MI 2
Vendor URL: http://www.SAP.com
Bugs: information disclosure
Reported: 29.07.2011
Vendor response: 30.07.2011
[DSECRG-11-037] SAP BW Doc - Multiple XSS
BW DOC metadata application in SAP NetWeaver is vulnerable to XSS attack.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: XSS
Reported: 14.03.2011
Vendor response: 16.03.2011
4. Affected Components Description
==================================
The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With
the SAP Web Application Server you can implement both server-based and client-based Web applications.
As of SAP NetWeaver 04, the ITS is now integrated into the SAP NetWeaver component SAP Web Application Server as an Internet Communication Framework
(ICF) service, which can, like other services, be accessed through the Internet Communication Manager (ICM). With the SAP Web Application Server with
integrated ITS functionality, the Web browser communicates directly with the SAP system.
Title: SAP Netweaver 6.40-7.0 Persistent Cross-Site-Scripting
Author: Jaime Blasco (at) aitsec.com http://www.aitsec.com
Description: SAP Netweaver have a web interface for accesing filesystem of the portal, users can make "feedbacks" of
files, input passed to the content of these feedbacks is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site
Solution: This issue can be solved activating "Secure Editing" in Portal
[DSECRG-11-040] SAP NetWeaver SPML - XML CSRF user creation
Attacker can create a new user in J2EE Engine using CSRF attack on SPML service.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: CSRF
[DSECRG-11-039] SAP NetWeaver TH_GREP module - Code injection vulnerability (NEW)
TH_GREP report is vulnerable for command execution vulnerability which is working with previous patch (note 1433101). Remote OS command execution is possible
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: Command execution
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal DSecRG-00197)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
- - Vendor: SAP
- - Affected Components:
. SAP NetWeaver 2004 < SP21
. SAP NetWeaver 2004s < SP13
- - Vulnerability Class: HTML Code Injection
- - Remotely Exploitable: Yes
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-014
Original advisory: http://dsecrg.com/pages/vul/show.php?id=114
Application: SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms)
Vendor URL: http://SAP.com
Bugs: Multiple Stored XSS
Risk: Hight
Exploits: YES
Reported: 04.12.2008
[DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose
com.sap.ipc.webapp.ipcpricing application has information disclose vulnerability
Digital Security Research Group [DSecRG] Advisory DSECRG-11-032 (Internal DSecRG-00197)
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-021
Original advisory: http://dsecrg.com/pages/vul/show.php?id=121
Application: SAP Cfolders (SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms))
Vendor URL: http://SAP.com
Bugs: Multiple Liked XSS
Risk: Hight
Exploits: YES
Reported: 12.01.2009
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-040
Application: SAP Netweaver
Versions Affected: Version 6.4 - 7.0
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 26.05.2009
Digital Security Research Group [DSecRG] Advisory DSecRG-09-068
Application: SAP NetWeaver SLD
Versions Affected: 6.4 - 7.02
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 14.12.2009
Vendor response: 15.12.2009
Avira AntiVir Premium
Avira Premium Security Suite
Avira AntiVir Professional
Avira AntiVir for KEN! 4
Avira AntiVir SharePoint
Avira AntiVir Virus Scan Adapter for SAP NetWeaver®
Avira AntiVir MailGate
Avira MailGate Suite
Avira AntiVir Exchange
Avira AntiVir MIMEsweeper
Avira AntiVir Domino
Security vulnerability was founded in sap EPS_DELETE_FILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack.
Digital Security Research Group [DSecRG] Advisory (Internal #DSECRG-00195)
Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: www.sap.com
Bugs: Auth bypass, directory traversal, smbrelay
Exploits: YES
Reported: 15.01.2011
[DSECRG-11-038] SAP RSTXSCRP report - smb relay vulnerability
SAP RSTXSCRP Report has path traversal vulnerability which can lead to SMB relay attack and full control on system.
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.SAP.com
Bugs: Path traversal, SMBRelay
Reported: 14.03.2011
Vendor response: 16.03.2011
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: NetWeaver/Web DynPro
# Vendor: SAP (www.sap.com)
# CVD ID: CVE-2008-3358
# Subject: Cross-Site Scripting Vulnerability
# Risk: High
# Effect: Remotely exploitable
4. Affected Components Description
==================================
The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With
the SAP Web Application Server you can implement both server-based and client-based Web applications.
5. Vulnerability Details
========================
4. Affected Components Description
==================================
The SAP Web Application Server (WebAS) is the application platform of the SAP NetWeaver, which is the basis for the other NetWeaver components. With
the SAP Web Application Server you can implement both server-based and client-based Web applications.
5. Vulnerability Details
========================
Is one of the leading IT security companies in CEMEA, providing information security consulting, audit and penetration testing services, ERP and SAP security assessment, certification for ISO/IEC 27001:2005 and PCI DSS and PA DSS standards.
Digital Security Research Group:
International subdivision of Digital Security company focused on research and software development for securing business-critical systems like: enterprise applications (ERP,CRM,SRM), technology systems (SCADA, Smart Grid) and banking software. DSecRG developed new product "ERPSCAN security suite for SAP NetWeaver" and service "ERPSCAN Online" which can help customers to perform automated security assessments and compliance checks for SAP solutions.
Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
http://www.erpscan.com
http://www.dsecrg.com/pages/vul/show.php?id=133
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-033
Application: SAP NetWeaver Application Server (Java)
Versions Affected: Version 7.0
Vendor URL: http://SAP.com
Bugs: XSS
Exploits: YES
Reported: 18.03.2009
4. Affected Components Description
==================================
The SAP J2EE Engine is a key component of the SAP NetWeaver application platform, which enables the development and execution of Java solutions in SAP
landscapes.
The J2EE Engine is the component on which, for example, the SAP Enterprise Portal solution is built and executed.
Next Page>>
|
