Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
ad2a546198819c5e3808faa124d00d50475caa98031463ff99dd70806f19a4fdOnapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.
536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754ebOnapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting this vulnerability an attacker could abuse of management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.
368ce04e67548cdb573e6df82ff6477de56a2a3d247070855e42496c9c199e7fOnapsis Security Advisory - Under certain conditions, the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be used to corrupt log files or add fake content misleading an administrator.
5ca7d3e9291f057648e9f6f695e85a6ed4865966ffa4228700ba29b2884a76f7Onapsis Security Advisory - SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements.
bb14e2959b52d187e9b6acc4384e410e0927c0d33b3653e304b8da39ef6615f8Onapsis Security Advisory - The RFC function 'RSDU_CCMS_GET_PROFILE_PARAM' in SAP NetWeaver Business Warehouse does not perform any authorization check prior to retrieving the profile parameter value.
3c233c38c81809ef00b14c725f0450fa3f1b614cdc114e9d7e1072e437a12d1cOnapsis Security Advisory - SAP BW-SYS-DB-DB4 component contains a remote-enabled RFC function that does not perform authorization checks prior to retrieving sensitive information.
51b510290e9cdab39a4eb560d76f8a1a92ad4e2479c00ecb93a399c7bd8fc80aOnapsis Security Advisory - SAP_JTECHS suffers from an HTTP verb tampering vulnerability. By exploiting this vulnerability, a remote unauthenticated attacker would be able to access restricted functionality and information. SAP Solution Manager 7.1 is affected.
6580ff640350c05f48f65976b0b95f4281af8ee4134bb35be5c0dfed235ecb75Onapsis Security Advisory - SAP is missing an authorization check in profile maintenance. SAP Solution Manager version 7.1 is affected.
b7c303f7bf2fdf075bdc1e6b7520a92fcb05d90222559301ac050e06fa65efc3Onapsis Security Advisory - SAP background processing suffers from a missing authorization check. A remote authenticated attacker could execute the vulnerable RFC function and obtain sensitive information regarding the target application server. SAP Solution Manager version 7.1 is affected.
59f5fd063cd638475b56911c3f860c68eb3d9222d3f786d79c7538b9fdef6595Onapsis Security Advisory - An information disclosure exists in SAP Software Lifecycle Manager. SAP Solution Manager version 7.1 is affected.
66175ddf4ff1b483f9589574588c2c2d8333d5951f8f26a85a6a946dc17690be
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed