The Communication Profiles functionality provided within SAP JAVA NetWeaver suffers from an XML external entity injection vulnerability.
148727acfbb4a8a75ea11ebaf68ed2fcc427fa652ac0cb1a7e2f15ae72c6fc66Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.
ad2a546198819c5e3808faa124d00d50475caa98031463ff99dd70806f19a4fdAny authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.
bdc7e6c1e337b3a9375a591f67ba31840609fc29cc4d04938ddbb01ed4b453aaThe End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.
e7df5522b5218db217d73908552d4067a8c0fedc1d3ce58d9455d1d4c14f7d01This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.
0d5122d6fb0ba7f681b7229fc5c197780b51710c6395404115ad8686072b2b08SAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in SCTC_REFRESH_CONFIG_CTC.
687b1abdf061c25448d8078207267121d66fc61153b0c01ebfb48546e7fe3ab3SAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in SCTC_REORG_SPOOL.
1517d473275190d714f68c8e5b64ce52162f23de86d95e76ba101651b720bb43SAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in SCTC_TMS_MAINTAIN_ALOG.
5b5b36310db340722cc3361ec4f659c8cd7c00bbaa4b49e34fec23b994713be0SAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in SCTC_REFRESH_IMPORT_USR_CLNT.
a4de11bcf1661481197db31f9b2b638350c10d8d54f02b10699db0167d5fa303SAPCRYPTOLIB version 5.555.38 suffers from a missing signature check in its DSA algorithm.
c57e938e01fd374e72b21d0aa73cc8d0c2ca106f33d2addda4e763f24c2e5a95SAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in SCTC_REFRESH_IMPORT_USR_CLNT.
a8c367bdf4221ca8854b79fe4ceb7e4596e9d9cda855b6f8a1e5f94bbcae970eSAP Netweaver version 7.40 SP 12 suffers from an OS command injection vulnerability in PREPARE_CHECK_CAPACITY.
f3adb601ddc92854728dd2ee8a7942701a0cd93b9ae01ead9009fb048194fcadThe SAP Netweaver version 7.40 SP 12 SCTC_TMS_MAINTAIN_ALOG function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
cdea10037f25f37e68dadc3dd2a5c0d0f27caaca32899c47a4e16ddc8f3b72ebThe SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_CHECK_ENV function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
b35e9f6613d4f1f23468ca6d75fc9ed768d97653f4622f0c9116590ea888b4f4The SAP Netweaver version 7.40 SP 12 SCTC_REFRESH_EXPORT_TAB_COMP function does not correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command.
48c0424ccdff8795c1c8e34571da47df3e36d4472a09787da490e76fa363125cSAP HANA DB version 1.00.091.00.1418659308 suffers from a user information disclosure vulnerability.
bdc9caa13cd84ad00e89d70d09818e47227a940de378774fee051e8ed6f20745SAP HANA DB version 1.00.73.00.389160 fails to institute any brute force protections for gaining access to the SYSTEM user.
e54c00ad538a9ab4bb746b89bec5d3d9f413b27ed333de41b4692b06ad183cd9SAP HANA version 1.00.091.00.1418659308 suffers from a get topology information disclosure vulnerability.
e75c9fed09b354564d28969a1389e8b9410fd2173c6b155ffb2381ac96e43e93Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly turning the platform unavailable to other users, who won't be able to perform their assigned business operations.
7869861a8cf7d5ac351d96a4bde8a820fc9cf69a49a6804cb69e0ab966bc97ceOnapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.
536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754ebOnapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
f3b215fc645ed5adb73a39c5c8db51b7f63d88844aaeb6ee126baf1e0fc6ffdaOnapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
2bf8dc1f0018c72dd7928ea2e39a57b4c7a243e7a5cde3f12425bfe6876cac15
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed