Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

SAP Security Notes July 2015

From: Darya Maenkova <d.maenkova () erpscan com>
Date: Wed, 15 Jul 2015 16:19:42 +0300
*SAP Security Notes July 2015*
SAP <http://www.sap.com/>has released the monthly critical patch update for July 2015. This patch update closes a lot of vulnerabilities in SAP products, some of them belong in the SAP HANA security area. The most popular vulnerability is Missing Authorization Check. This month, one critical vulnerability found by ERPScan researcher Alexander Polyakov was closed. 

*Issues that were patched with the help of ERPScan*
Below are the details of SAP vulnerabilities that were found by ERPScan <http://www.erpscan.com/> researchers. 


 * A Missing Authorization Check vulnerability in SAP XML Data
   Archiving Service (CVSS Base Score: 3.5). Update is available in SAP
   Security Note 1945215
   <https://service.sap.com/sap/support/notes/1945215>. An attacker can
   use Missing Authorization Checks to access a service without any
   authorization procedures and use service functionality that has
   restricted access. This can lead to an information disclosure,
   privilege escalation, and other attacks.

*
*

*The most critical issues found by other researchers*
Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. Companies providing SAP Security Audit, SAP Security Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes: 


 * 2180049 <https://service.sap.com/sap/support/notes/2180049>: SAP ASE
   XPServer has a Missing Authorization Check vulnerability (CVSS Base
   Score: 9.3). An attacker can use Missing Authorization Checks to
   access a service without any authorization procedures and use
   service functionality that has restricted access. This can lead to
   information disclosure, privilege escalation, and other attacks. It
   is recommended to install this SAP Security Note to prevent risks.


 * 1952092 <https://service.sap.com/sap/support/notes/1952092>: IDES
   ECC has a Remote Command Execution vulnerability (CVSS Base Score:
   6.0). An attacker can use Remote Command Execution to run commands
   remotely without authorization. Executed commands will run with the
   privileges of the service that executes them. An attacker can access
   arbitrary files and directories located in an SAP server filesystem,
   including application source code, configuration, and critical
   system files. It allows obtaining critical technical and
   business-related information stored in the vulnerable SAP system. It
   is recommended to install this SAP Security Note to prevent risks.


 * 1971516 <https://service.sap.com/sap/support/notes/1971516>: SAP
   SERVICE DATA DOWNLOAD has a Remote command execution vulnerability
   (CVSS Base Score: 6.0). An attacker can use Remote Command Execution
   to run commands remotely without authorization. Executed commands
   will run with the privileges of the service that executes them. An
   attacker can access arbitrary files and directories located in an
   SAP server filesystem, including application source code,
   configuration, and critical system files. It allows obtaining
   critical technical and business-related information stored in the
   vulnerable SAP system. It is recommended to install this SAP
   Security Note to prevent risks.


 * 2183624 <https://service.sap.com/sap/support/notes/2183624>: SAP
   HANA database has an Information Disclosure vulnerability. An
   attacker can use Information Disclosure for revealing additional
   information (system data, debugging information, etc.) which will
   help to learn more about the system and to plan other attacks. It is
   recommended to install this SAP Security Note to prevent risks.
It is highly recommended to patch all those SAP vulnerabilities to prevent business risks affecting your SAP systems.
SAP has traditionally thanked the security researchers from ERPScan for found vulnerabilities on their acknowledgment page <http://scn.sap.com/docs/DOC-8218>. 


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: