-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption 1. Impact on Business ===================== By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users. Risk Level: High 2. Advisory Information ======================= * Public Release Date: 09/22/2015 * Last Revised: 09/22/2015 * Security Advisory ID: ONAPSIS-2015-013 * Onapsis SVS ID: ONAPSIS-00105 * CVE: N/A * Researcher: Will Vandevanter * Vendor Provided CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:C) * Onapsis CVSS v2: 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) * Onapsis CVSS v3: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H) 3. Vulnerability Information ============================ * Vendor: SAP AG * Affected Components: * BussinessObjects Edge 4.0 * BussinessObjects BI Platform 4.1 * BOXI 3.1 R3 * Vulnerability Class: Buffer Copy without Checking Size of Input (CWE-120) * Remotely Exploitable: Yes * Locally Exploitable: No * Authentication Required: No * Original Advisory: http://www.onapsis.com/research/security-advisories/SAP-Business-Objects-Memory-Corruption 4. Affected Components Description ================================== Business Objects is part of the Business Intelligence platform from SAP. It has components that provide performance management, planning, reporting, query and analysis and enterprise information management. Every Business Objects installation provides a web service to interact with different platform services. 5. Vulnerability Details ======================== A mishandling of a malformed GIOP packet causes the remote listener to crash while reading from invalid memory. 6. Solution =========== Implement SAP Security Note 2001108. 7. Report Timeline ================== 12/23/2013: Onapsis provides vulnerability information to SAP AG. 12/24/2013: SAP AG confirms reception of vulnerability report. 01/14/2014: SAP reports fix is In Process. 05/12/2015: SAP releases SAP Security Note 2001108 fixing the vulnerability. 09/22/2015: Onapsis Releases Security Advisory. About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. About Onapsis, Inc. =================== Onapsis gives organizations the adaptive advantage to succeed in securing business-critical applications by combining technology, research and analytics. Onapsis enables every security and compliance team an adaptive approach to focus on the factors that matter most to their business– critical applications that house vital data and run business processes including SAP Business Suite, SAP HANA and SAP Mobile deployments. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlYBXocACgkQz3i6WNVBcDWzQACfXNTkrGnjNw3VAS9NMlHfrE8u ZCYAn3KgsLS4ilR5Yy9a5tGj3khotWmE =tuOy -----END PGP SIGNATURE-----