Date: Wed, 15 Jul 2015 16:19:42 +0300
From: Darya Maenkova <d.maenkova@...scan.com>
To: fulldisclosure@...lists.org, submissions@...ketstormsecurity.com
Subject: [FD] SAP Security Notes July 2015

*SAP Security Notes July 2015*

SAP <http://www.sap.com/> has released the monthly critical patch update 
for July 2015. This patch update closes a lot of vulnerabilities in SAP 
products, some of which belong to the SAP HANA security area. The most 
common vulnerability type is Missing Authorization Check. This month, one 
critical vulnerability found by ERPScan researcher Alexander Polyakov 
was closed.

*Issues that were patched with the help of ERPScan*


Below are the details of SAP vulnerabilities that were found by ERPScan 
<http://www.erpscan.com/> researchers.


  * A Missing Authorization Check vulnerability in SAP XML Data
    Archiving Service (CVSS Base Score: 3.5). Update is available in SAP
    Security Note 1945215
    <https://service.sap.com/sap/support/notes/1945215>. An attacker can
    use Missing Authorization Checks to access a service without any
    authorization procedures and use service functionality that has
    restricted access. This can lead to information disclosure,
    privilege escalation, and other attacks.


*The most critical issues found by other researchers*


Some of our readers and clients asked us to categorize the most critical 
SAP vulnerabilities to patch them first. Companies providing SAP 
Security Audit, SAP Security Assessment, or SAP Penetration Testing 
services can include these vulnerabilities in their checklists. The most 
critical vulnerabilities of this update can be patched by the following 
SAP Security Notes:


  * 2180049 <https://service.sap.com/sap/support/notes/2180049>: SAP ASE
    XPServer has a Missing Authorization Check vulnerability (CVSS Base
    Score: 9.3). An attacker can use Missing Authorization Checks to
    access a service without any authorization procedures and use
    service functionality that has restricted access. This can lead to
    information disclosure, privilege escalation, and other attacks. It
    is recommended to install this SAP Security Note to prevent risks.


  * 1952092 <https://service.sap.com/sap/support/notes/1952092>: IDES
    ECC has a Remote Command Execution vulnerability (CVSS Base Score:
    6.0). An attacker can use Remote Command Execution to run commands
    remotely without authorization. Executed commands will run with the
    privileges of the service that executes them. An attacker can access
    arbitrary files and directories located in an SAP server filesystem,
    including application source code, configuration, and critical
    system files. It allows obtaining critical technical and
    business-related information stored in the vulnerable SAP system. It
    is recommended to install this SAP Security Note to prevent risks.


  * 1971516 <https://service.sap.com/sap/support/notes/1971516>: SAP
    SERVICE DATA DOWNLOAD has a Remote Command Execution vulnerability
    (CVSS Base Score: 6.0). An attacker can use Remote Command Execution
    to run commands remotely without authorization. Executed commands
    will run with the privileges of the service that executes them. An
    attacker can access arbitrary files and directories located in an
    SAP server filesystem, including application source code,
    configuration, and critical system files. It allows obtaining
    critical technical and business-related information stored in the
    vulnerable SAP system. It is recommended to install this SAP
    Security Note to prevent risks.


  * 2183624 <https://service.sap.com/sap/support/notes/2183624>: SAP
    HANA database has an Information Disclosure vulnerability. An
    attacker can use Information Disclosure for revealing additional
    information (system data, debugging information, etc.) which will
    help to learn more about the system and to plan other attacks. It is
    recommended to install this SAP Security Note to prevent risks.



It is highly recommended to patch all those SAP vulnerabilities to 
prevent business risks affecting your SAP systems.


SAP has traditionally thanked the security researchers from ERPScan on 
its acknowledgment page <http://scn.sap.com/docs/DOC-8218> for the 
vulnerabilities they found.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
