Due to a flaw in SAP HANA DB version 1.00.73.00.389160, a remote unauthenticated attacker could read remote logs containing technical information about the system which could help to facilitate further attacks against the system.
fd289a49117a0a823798ba0eed96cdc41815b67bc8c0a02046f5482b8e5ad75b
Microsoft Defender API and PowerShell APIs suffer from arbitrary code execution due to a flaw in PowerShell not handling user-provided input that contains a semicolon.
fe92bef621155fd9c83158e63e2b87c27bed041ce6cc8df753d8ab75d5fcd6af
A vulnerability in the Windows Ancillary Function Driver for Winsock (afd.sys) can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. Due to a flaw in AfdNotifyRemoveIoCompletion, it is possible to create an arbitrary kernel Write-Where primitive, which can be used to manipulate internal I/O ring structures and achieve local privilege escalation. This exploit only supports Windows 11 22H2 up to build 22621.963 (patched in January 2023 updates).
d5a189a643f3c07d66a853b96018a65f135901780840ff23dc17f6a405330ebb
Asterisk Project Security Advisory - On September 8, the Asterisk development team released the AST-2016-007 security advisory. The security advisory involved an RTP resource exhaustion that could be targeted due to a flaw in the "allowoverlap" option of chan_sip. Due to new information presented to the Asterisk team by Walter Doekes, they have made updates to the advisory.
570e74e1a02b9da9c957b15a54db607f1a0d2d9692d3bdfc29f57249f8d22599
Onapsis Security Advisory - SAP HANA suffers from a Drop Credentials remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify system settings and delete credentials, which could affect other users in the HANA system and result in a DoS attack.
d444a5ba1af38fd63f1e5f5e68d842b9592909177de11dc45575d4678f9cd8c4
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the getSqlTraceConfiguration function. By exploiting this vulnerability an attacker could read sensitive business information stored in the HANA system and change configuration parameters, which could render the system unavailable for other users.
eb43d022e8fddd6eecbc5626bd6c632f0e9e075f3e94ea6552a956f95eaf9793
Onapsis Security Advisory - SAP HANA suffers from a cross site scripting vulnerability during user creation. By exploiting this vulnerability a remote authenticated attacker would be able to attack other users connected to the HANA system.
093745f32867efd7e25fa4d1c9f8e459a0b267da21290b330cd5539db3fe4689
Onapsis Security Advisory - SAP HANA role deletion through web-based development workbench suffers from a cross site scripting vulnerability.
6755cf7f8153415edfc191048e8bdf9b8ee3cf270ab9a887093629b129a6311c
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the trace configuration. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly making the platform unavailable to other users.
28e3ad290a4fc8f5f373142a21e20d0d46d3545bc5d3b66532fee4c38b603644
Onapsis Security Advisory - SAP HANA suffers from a remote SQL injection vulnerability in the setTraceLevelsForXsApps function. By exploiting this vulnerability an attacker could change configuration settings in the HANA system, affecting the integrity of the data stored and possibly making the platform unavailable to other users, who won't be able to perform their assigned business operations.
7869861a8cf7d5ac351d96a4bde8a820fc9cf69a49a6804cb69e0ab966bc97ce
Onapsis Security Advisory - SAP HANA suffers from an XSJS code injection vulnerability in test-net.xsjs. By exploiting this vulnerability a remote authenticated attacker would be able to partially compromise the SAP system as well as all the information processed and stored in the HANA system.
536c2f5bd066d0dd00d1598734d6f710d8be3e982bbd78bef9d75361bc5754eb
Onapsis Security Advisory - The SAP HANA _newUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
f3b215fc645ed5adb73a39c5c8db51b7f63d88844aaeb6ee126baf1e0fc6ffda
Onapsis Security Advisory - The SAP HANA _modifyUser function suffers from a remote SQL injection vulnerability. By exploiting this vulnerability an attacker could modify information related to users of the HANA system, affecting the integrity of the data stored.
2bf8dc1f0018c72dd7928ea2e39a57b4c7a243e7a5cde3f12425bfe6876cac15
Onapsis Security Advisory - SAP HANA hdbsql suffers from multiple memory corruption vulnerabilities. By exploiting these vulnerabilities an attacker could abuse management interfaces to execute commands on the HANA system and ultimately compromise all the information stored and processed by the system.
368ce04e67548cdb573e6df82ff6477de56a2a3d247070855e42496c9c199e7f
Onapsis Security Advisory - SAP Business Objects suffers from a memory corruption vulnerability. By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.
38f5d4c8882c9a29b1c46ec18ce9b8b283de108c7ffe457c455f9e65e781276c
The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault has a special mechanism to generate a default set of credentials if no password/salt is supplied during the creation of the secure storage. In this mode of operation the password/salt is derived from a combination of fixed values and the VaultID belonging to the secure storage.
32913d9c0e2b94e7527b9505f766bc7240c4bd0dc83949976a4b1580dfab6d6d
The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. The SAP DataVault uses a special password derived from well-known values to encrypt some configuration values, like the count of invalid attempts to unlock a secure store. This password is a composition of a value which is available in plaintext form inside the secure store container, and a fixed value. Also, the salt used is fixed. Both values are statically defined by the SAP DataVault implementation, and depend neither on the installation nor on the usage of the DataVault.
ca2a1ef0f9df48466ca59b88143c1cb70baf5e0e78eae224f7995bf13e67bc92
The SAP Mobile Platform 3.0 SP5 has an API called DataVault, which is used to securely store data on mobile devices. Due to an incorrect implementation of the cryptographic algorithms and parameters, it is possible to recover the keystream for the encrypted data. As a result, it is possible to recover part of the plaintext corresponding to an encrypted piece of data, thus reversing the encryption process of some values inside the DataVault without needing the original secret key. Furthermore, due to the lack of cryptographic integrity mechanisms in the SAP DataVault, an attacker recovering this keystream has the possibility of re-encrypting (or, in practical terms, modifying), with some limitations, some values previously encrypted inside the DataVault.
cd43a3f66a460ba3e471e6f03fe9bed24f562a9b22ab386dc9a02fc1929d34f9
Onapsis Security Advisory - Under certain conditions, the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be used to corrupt log files or to add fake content that misleads an administrator.
5ca7d3e9291f057648e9f6f695e85a6ed4865966ffa4228700ba29b2884a76f7
Onapsis Security Advisory - SAP HANA suffers from an information disclosure vulnerability via SQL IMPORT FROM statements.
bb14e2959b52d187e9b6acc4384e410e0927c0d33b3653e304b8da39ef6615f8
Onapsis Security Advisory - It is possible for an unauthenticated user to retrieve any audit events from a remote BusinessObjects service. This can disclose sensitive information including report names, universe queries, logins, etc. Auditing details are listed in the Auditing tab of the CMS. All services which expose an Auditing service are vulnerable. In the default setting this includes all BusinessObjects services except the CMS.
92a03a7a9374710770746549090119067b75fdc71c5a1c6527932e9be9239ecd
Onapsis Security Advisory - It is possible for an unauthenticated user to remove audit events from a remote BusinessObjects service using CORBA. Specifically, the attacker can tell the remote service (i.e. the auditee) to clear an event from its queue. After the event is removed from the auditee queue, the auditor will never have knowledge of the event and, hence, it will not be written to the Audit database. An attacker can use this to hide their actions. By default, the auditor polls all auditees every 5 minutes to ask for events in their queue.
525b0210fa38e332bad09f1f23be059b8cff27946645438a054d05c005ac4ec0
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows the writing of any file stored in the FRS without authentication.
6de1db17a1a2cda52de24f00a98b3c5ab4bc5bda19395ccb1ab6ba6fee7121db
Onapsis Security Advisory - The BusinessObjects File Repository Server (FRS) CORBA listener allows a user to read any file stored in the FRS without authentication.
b91a029e7d55f1eaea5057b797bcbd5e83fb1e529410c558e0665b49ecab34ea
Onapsis Security Advisory - SAP HANA contains a reflected cross site scripting vulnerability (XSS) on the pages /sap/hana/ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs and /sap/hana/xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs.
5119b84d53c0c30a40ccbbf28464d82d82fe294a2f8499c0d10ba47627e64dc2
Onapsis Security Advisory - By exploiting a search token privilege escalation vulnerability, a remote and potentially unauthenticated attacker would be able to access or modify any information stored on the SAP BusinessObjects server. The attacker could also connect to the business systems depending on the configuration of the BO infrastructure. BusinessObjects Edge version 4.1 is affected.
572684cdc3bc2a7bd551c52105bd0203238dbe5954d6313dd9841c6c341fed6b