PwC ACE software has a remotely exploitable security vulnerability which allows injection and execution of malicious ABAP code on the remote SAP system. Version 8.10.304 is affected.
09d0145e8338540901d89d889ba9cd283557db57962fdcd684e04dc0bbc61648SAP Governance, Risk and Compliance (SAP GRC) suffers from SoD bypass, privilege escalation, and remote arbitrary program execution vulnerabilities.
2c6f6dd2ccedd0df4f801c917ff9f40ee8c504126cec43a0f77af7dde206d446SAP ERP Central Component PS-IS suffers from a remote code injection vulnerability.
5e58652bd4084d45a345426470327c91caa6fc06378fffda9da820fa86d98247A SAP NetWeaver vulnerability allows injection of ABAP code. In SAP security, this is the equivalent of getting an ultra-reliable ring 0 exploit which works through the network and never crashes. By exploiting this vulnerability an attacker can e.g. inject code which saves the passwords of all connecting SAP GUI users in a remote file, steal or change sensitive data such as HR salary information, execute bank transactions and transfer money, or simply plant an SAP backdoor for accessing the system later. The attacker can also manipulate or corrupt ABAP programs shipped by SAP and make the system inoperable.
bef5435dd9e71bc842aef59db42966ef03ac40124905e2ccd226ca1a86276d90SAP Basis Components versions 4.6B through 7.30 suffer from a remote command injection vulnerability.
439e261026af63ba9c8aeee51164c2ae9e2259c65267679fcd1b65b7fa4df04fSAP Production Planning and Control suffers from a privilege escalation vulnerability. This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions.
eff7e22f57554cfb6fb76dc4a0134bc770589d4294f8621e081e553afee5d7daThis vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing it to obtain critical rights in the system and bypassing certain segregation of duties (SoD) restrictions. Although this vulnerability is found in the SAP industry solution for healthcare, the functionality is also present in the SAP ERP central component (ECC 6). Thus, customers in other industries are also affected.
04068b72f2c992a2fd3f3c6c9328f3a8d53414cded64945a2d57f759d3167747Symantec Security Advisory - Files created by a Reporting Server may be accessible to an unauthorized user.
589ba56f401be09e9a8f35071b6a6e3ccaf8fdb6e6a9237a688e8a8e046e7299
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed