-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption

1. Impact on Business
=====================

By exploiting this vulnerability an unauthenticated attacker could read or
write
any business-relevant information from the Business Intelligence Platform
and also
render the system unavailable to other users.

Risk Level: High


2. Advisory Information
=======================

* Public Release Date: 09/22/2015
* Last Revised: 09/22/2015
* Security Advisory ID: ONAPSIS-2015-013
* Onapsis SVS ID: ONAPSIS-00105
* CVE:  N/A
* Researcher: Will Vandevanter
* Vendor Provided CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
* Onapsis CVSS v2: 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
* Onapsis CVSS v3: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)


3. Vulnerability Information
============================
* Vendor:  SAP AG
* Affected Components:
  * BussinessObjects Edge 4.0
  * BussinessObjects BI Platform 4.1
  * BOXI 3.1 R3

* Vulnerability Class: Buffer Copy without Checking Size of Input (CWE-120)
* Remotely Exploitable: Yes
* Locally Exploitable: No
* Authentication Required: No
* Original Advisory:
http://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption


4. Affected Components Description
==================================

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning, reporting,
query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact with
different platform services.

5. Vulnerability Details
========================

A mishandling of a malformed GIOP packet causes the remote listener to
crash while reading from invalid memory.


6. Solution
===========

Implement SAP Security Note 2001108.


7. Report Timeline
==================

12/23/2013: Onapsis provides vulnerability information to SAP AG.
12/24/2013: SAP AG confirms reception of vulnerability report.
01/14/2014: SAP reports fix is In Process.
05/12/2015: SAP releases SAP Security Note 2001108 fixing the vulnerability.
09/22/2015: Onapsis Releases Security Advisory.


About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security issues
that impact business-critical
systems and applications. Delivering frequent and timely security and
compliance advisories with associated
risk levels, Onapsis Research Labs combine in-depth knowledge and
experience to deliver technical and
business-context with sound security judgment to the broader information
security community.


About Onapsis, Inc.
===================

Onapsis gives organizations the adaptive advantage to succeed in securing
business-critical applications
by combining technology, research and analytics. Onapsis enables every
security and compliance team an
adaptive approach to focus on the factors that matter most to their
business– critical applications
that house vital data and run business processes including SAP Business
Suite, SAP HANA and SAP Mobile deployments.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team

iEYEARECAAYFAlYBXocACgkQz3i6WNVBcDWzQACfXNTkrGnjNw3VAS9NMlHfrE8u
ZCYAn3KgsLS4ilR5Yy9a5tGj3khotWmE
=tuOy
-----END PGP SIGNATURE-----