3094 matches found
SAP GUI for Windows - Remote Code Execution + bypass security policy
Application: SAP GUI Versions Affected: SAP GUI 7.2-7.5 Vendor URL: SAP Bugs: Remote Code Execution Reported: 15.12.2016 Vendor response: 16.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2407616 Authors: Dmitry Yudin ERPScan aka @ret5et, Vahagn Vardanyan ERPScan, Dmitry...
SAP NetWeaver AS ABAP disp+work crash
Application: SAP NetWeaver ABAP Versions Affected: SAP KERNEL 7.40 64BIT, disp+work.exe 7400.12.21.30308 Vendor URL: SAP Bugs: DoS Reported: 15.12.2016 Vendor response: 16.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2406841 Author: Vahagn Vardanyan ERPScan VULNERABILI...
Hardcoded credentials
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial...
CVE-2016-3684
SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338...
CVE-2016-3685
Affected software: SAP Download Manager up to version 2.1.142. Root cause: encryption of sensitive values stored in a configuration file uses a fixed static key; on Windows and macOS the key is the BIOS serial number concatenated with a hard-coded key, enabling attackers with local access to reco...
CVE-2016-3684
SAP Download Manager (versions up to 2.1.142) stores sensitive values in a configuration file encrypted with a hard-coded key. On Windows/Mac, the key combines the BIOS serial with a fixed key; on Linux/other platforms, the key is a fixed hard-coded value. This enables context-dependent attackers...
SAP NetWeaver 7.3 AS Java XSS in CAFAdapterTest servlet
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.3 Vendor URL: SAP Bug: XSS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 13.06.2017 Reference: SAP Security Note 2405943 Authors: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver AS Java XSS in GenericSemanticTest component
Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.4 Vendor URL: SAP Bugs: XSS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2408100 Author: Boris Sanin ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP HANA XS Sinopia - DoS vulnerability
Application: SAP HANA Versions Affected: SAP HANA 1 and SAP HANA 2 Vendor URL: SAP Bug: DoS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2407694 Authors: Mikhail Medvedev ERPScan, Mathieu Geli ERPScan VULNERABILITY INFORMATION...
SAP HANA Sinopia - default user creation policy insecure
Application: SAP HANA Versions Affected: SAP HANA SPS12 Vendor URL: SAP Bug: Insecure default configuration Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2407694 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class:...
SAP NetWeaver AS JAVA 7.3 XSS in ctcprotocol/Protocol servlet
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.3 Vendor URL: SAP Bugs: XSS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2406783 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: XSS...
SAP Solman - user accounts disclosure CVE-2016-10005
Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: SAP Bugs: Information Disclosure Reported: 12.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan ERPScan VULNERABILITY INFORMATION CVE-2016-100...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909...
CVE-2016-9562
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
Null pointer dereference
SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of Service (null pointer exception and icman outage) via an HTTPS request to the sap.comP4TunnelingApp!web/myServlet URI, aka SAP Security Note 2313835...
CVE-2016-9563
This CVE concerns XML External Entity (XXE) injection in SAP NetWeaver AS Java 7.5, specifically the BC-BMT-BPM-DSK component exposed via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI. Root cause is an XXE flaw that could allow an authenticated remote attacker to read arbitrary fil...
CVE-2016-9563
BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909.
SAP NetWeaver AS JAVA - BC-BMT-BPM-DSK XML External Entity Injection
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909...
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 09.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan ERPScan 1. ADVISORY INFORMATION Title:...