Home / vulnerabilitiesPDF  

SAP Security Notes August 2015

Posted on 13 August 2015
Source : packetstormsecurity.org Link

 

SAP <http://www.sap.com/> has released
<http://scn.sap.com/community/security/blog/2015/08/11/sap-security-patch-day-summary--august-2015>the
monthly critical patch update for August 2015. This patch update closes 22
vulnerabilities in SAP products, 15 have high priority, some of them belong
to the SAP HANA security area. The most popular vulnerability is Cross Site
Scripting (XSS). This month, three critical vulnerabilities found by
ERPScan researchers Dmitry Chastuhin, Vahagn Vardanyan, Roman Bejan were
closed.

*Issues that were patched with the help of ERPScan*

Below are the details of SAP vulnerabilities that were found by ERPScan
<http://www.erpscan.com/> researchers.

- An XML eXternal Entity vulnerability in SAP Mobile Platform 2.3 (CVSS
Base Score: 4.9). Update is available in SAP Security Note 2152227
<https://service.sap.com/sap/support/notes/2152227>. An attacker can use
XML eXternal Entities to send specially crafted unauthorized XML requests,
which will be processed by the XML parser. The attacker will get
unauthorized access to the OS file system.
- An XML eXternal Entity vulnerability in SAP NetWeaver Portal (CVSS
Base Score: 4.9). Update is available in SAP Security Note 2168485
<https://service.sap.com/sap/support/notes/2168485>. An attacker can use
XML eXternal Entities to send specially crafted unauthorized XML requests,
which will be processed by the XML parser. The attacker will get
unauthorized access to the OS file system.
- An XSS vulnerability in SAP Afaria 7 (CVSS Base Score: 4.3). Update is
available in SAP Security Note 2152669
<https://service.sap.com/sap/support/notes/2152669>. An attacker can
modify displayed application content without authorization and steal
authentication data (cookie).

*The most critical issues found by other researchers*

Some of our readers and clients asked us to categorize the most critical
SAP vulnerabilities to patch them first. Companies providing SAP Security
Audit, SAP Security Assessment, or SAP Penetration Testing services can
include these vulnerabilities in their checklists. The most critical
vulnerabilities of this update can be patched by the following SAP Security
Notes:

- 2037304: <https://service.sap.com/sap/support/notes/2037304> SAP ST-P
has a Remote Command Execution vulnerability (CVSS Base Score: 8.5). An
attacker can use Remote Command Execution to run commands remotely.
Executed commands will run with the privileges of the service that executes
them. An attacker can access arbitrary files and directories located in an
SAP server filesystem, including application source code, configuration,
and critical system files. It allows obtaining critical technical and
business-related information stored in the vulnerable SAP system. It is
recommended to install this SAP Security Note to prevent risks.
- 2169391 <https://service.sap.com/sap/support/notes/2169391>: SAP
NetWeaver AFP Servlet has a Reflected File Download vulnerability (CVSS
Base Score: 7.5). Reflected File Download (RFD) is a web attack vector
that enables attackers to gain complete control over a victim's machine. In
an RFD attack, the user follows a malicious link to a trusted domain
resulting in a file download from that domain. It is recommended to install
this SAP Security Note to prevent risks.
- 2175928 <https://service.sap.com/sap/support/notes/2175928>: SAP HANA
has a Running Process Remote Termination vulnerability (CVSS Base Score:
6.8). An attacker can use this vulnerability to terminate the process of
a vulnerable component. Nobody will be able to use this service, which has
a negative impact on business processes, system downtime, and business
reputation. It is recommended to install this SAP Security Note to prevent
risks.
- 2165583 <https://service.sap.com/sap/support/notes/2165583>: SAP HANA
has an incorrect system configuration vulnerability (CVSS Base Score: 6.6).
SAP HANA internal services could be accessed without authentication if the
HANA system is insecurely configured and no other security measures are in
place. This could endanger system availability, data confidentiality and
integrity. It is recommended to install this SAP Security Note to prevent
risks.

It is highly recommended to patch all those SAP vulnerabilities to prevent
business risks affecting your SAP systems.

SAP has traditionally thanked the security researchers from ERPScan for
found vulnerabilities on their acknowledgment page
<http://scn.sap.com/docs/DOC-8218>.

 

TOP