Penetration Testing mailing list archives
[Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement
From: Onapsis Research Labs <research () onapsis com>
Date: Wed, 27 May 2015 15:27:56 -0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-006: SAP HANA Information Disclosure via SQL IMPORT FROM statement 1. Impact on Business ===================== Under certain conditions some SAP HANA Database commands could be abused by a remote authenticated attacker to access information which is restricted. This could be used to gain access to confidential information. Risk Level: Medium 2. Advisory Information ======================= - - Public Release Date: 2015-05-27 - - Subscriber Notification Date: 2015-05-27 - - Last Revised: 2015-05-27 - - Security Advisory ID: ONAPSIS-2015006 - - Onapsis SVS ID: ONAPSIS-00142 - - CVE: CVE-2015-3995 - - Researcher: Sergio Abraham, Fernando Russ, Nahuel D. Sánchez - - Initial Base CVSS v2: 4 (AV:N/AC:L/Au:S/C:P/I:N/A:N) 3. Vulnerability Information ============================ - - Vendor: SAP A.G. - - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) - - Vulnerability Class: Improper Access Control (CWE-284) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: Yes - - Original Advisory: http://www.onapsis.com/research/security-advisories/SAP-HANA-information - -disclosure-via-SQL-import-from-statement 4. Affected Components Description ================================== SAP HANA is a platform for real-time business. It combines database, data processing, and application platform capabilities in-memory. The platform provides libraries for predictive, planning, text processing, spatial, and business analytics. 5. Vulnerability Details ======================== A remote authenticated attacker, could access confidential information using specially crafted SQL statement which leads him to read arbitrary files from the OS through the database command READ FILE IMPORT available to be performed inside any SQL query. 6. Solution =========== Implement SAP Security Note 2109565 7. Report Timeline ================== 2014-10-18: Onapsis provides vulnerability information to SAP AG. 2014-10-19: SAP AG confirms having the information about the vulnerability. 2015-01-13: SAP AG publishes security note 2109565 which fixes the problem. 2015-05-27: Onapsis publishes security advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlVmDKgACgkQz3i6WNVBcDV+XgCeKE+ulvXCD/nuU4YshckzsSVd 6VsAoIAI/HV7lNQ+KyL52ssSBe2D+Zln =/P7V -----END PGP SIGNATURE----- ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- [Onapsis Security Advisory 2015-006] SAP HANA Information Disclosure via SQL IMPORT FROM statement Onapsis Research Labs (May 27)