Layer Seven Security ADVISORY

Similar documents
Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY. SAP Security Notes

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

Layer Seven Security ADVISORY

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Disclosure Management. Default font on styles in Disclosure Management

Passing Parameters via Web Dynpro Application

Disclosure Management US SEC. Preview

ADM920 SAP Identity Management

UI Changes for SAP Portfolio and Project Management Depending on NW Release

SAP Directory Content Migration Tool

Moving BCM to different IP range

ADM960. SAP NetWeaver Application Server Security COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

How to Use a Customer Specific UIBB in MDG Application 'Create Change Request' Author: Matthias Hubert Company: SAP Created on 5th July 2013

SAP BusinessObjects Enterprise Upgrade Guide

NET311. Advanced Web Dynpro for ABAP COURSE OUTLINE. Course Version: 10 Course Duration: 4 Day(s)

How the Standard Integration between SAP EM and SAP TM Can Be Tested with SE37

Inception of the SAP Platform's Brain Attacks on SAP Solution Manager

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

ADM960. SAP NetWeaver Application Server Security COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day

ADM100 AS ABAP - Administration

SAP Audit Guide for Basis

ADM900 SAP System Security Fundamentals

BC100. Introduction to Programming with ABAP COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SAP BusinessObjects Integration Option for Microsoft SharePoint Getting Started Guide

ADM950. Secure SAP System Management COURSE OUTLINE. Course Version: 10 Course Duration: 2 Day(s)

TBIT40 SAP NetWeaver Process Integration

ADM950. Secure SAP System Management COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

SAP Sybase Replication Server Change DATA Capture Configuration. Example Configuration

BW Workspaces Data Cleansing during Flat File Upload

Introduction to BW Workspaces and its usage with SAP BusinessObjects BI Tools

BW Text Variables of Type Replacement Path

TABLE DISTRIBUTION IN HANA HANA. SAP Active Global Support, June 2012

BC400 Introduction to the ABAP Workbench

CREATION AND CONFIGURATION OF WEB SERVICE FROM RFC AND DEPLOYMENT IN ANOTHER SYSTEM

SAP Discovery System V5 Users and Passwords

INTERNAL USE ONLY SAP BusinessObjects EPM Add-in for Microsoft Office Support Package 17 / Patch XX Installation Procedure

EP200. SAP NetWeaver Portal: System Administration COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

Dashboards Batch Utility User Guide

BC405 Programming ABAP Reports

BC400. ABAP Workbench Foundations COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

Quality Inspection Engine (QIE) Security Guide

EDB785 SAP IQ Administration

BC430 ABAP Dictionary

BC404. ABAP Programming in Eclipse COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

BC480 PDF-Based Print Forms

SMP521. SAP Mobile Platform - Native and Hybrid Application Development COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

SAP BusinessObjects Predictive Analysis 1.0 Supported Platforms

Business Objects Integration Scenario 2

PLM210. Master Data Configuration in SAP Project System COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Simplified Configuration of Single System Update in Maintenance Optimizer

Deploy a SAPUI5 Mobile App to Android Device

How To...Consume HANA Models with Input Parameters in BW Virtual Providers

SAP Plant Connectivity 2.2

BC490 ABAP Performance Tuning

Layer Seven Security ADVISORY

AFA461 SAP Afaria 7.0 System Administration (SP03)

BC410. Programming User Dialogs with Classical Screens (Dynpros) COURSE OUTLINE. Course Version: 10 Course Duration: 3 Day(s)

SDN Community Contribution

SAP NetWeaver Identity Management Identity Center Minimum System Requirements

How-to guide: OS Command Adapter

BC401. ABAP Objects COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

Upgrade MS SQL 2005 to MS SQL 2008 (R2) for Non-High-Availability NW Mobile ABAP System

Scott Lowden SAP America Technical Solution Architect

How to Find Suitable Enhancements in SAP Standard Applications

Exploiting new default accounts in SAP systems

Crystal Reports 2008 FixPack 2.4 Known Issues and Limitations

Message Alerting for SAP NetWeaver PI Advanced Adapter Engine Extended

SAP BusinessObjects Dashboard Design Component SDK Installation Guide

EP350. Innovated Content Management and Collaboration COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

Obtain Configuration Parameters for LPD_CUST Provide the base path of your BSP application (1/2)

EDB358. System and Database Administration: Adaptive Server Enterprise COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

BW310. BW - Enterprise Data Warehousing COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

Cube Designer User Guide SAP BusinessObjects Financial Consolidation, Cube Designer 10.0

Attacks based on security configurations

Dashboards LiveCycle Data Services Gateway Installation Guide SAP BusinessObjects 4.0 Support Package 4

SAP White Paper SAP Sybase Adaptive Server Enterprise. New Features in SAP Sybase Adaptive Server Enterprise 15.7 ESD2

SAP Fiori Toolkit. Marc Anderegg, RIG, SAP February, Provided by Rapid Innovation Group (RIG)

Managing Substitutions in My Inbox 2.0 app

How To - Extend MDG-M content by new attributes for customer Z-fields in standard tables

Business Reasons For Mobilizing Oracle Databases Using SQL Anywhere. A whitepaper from Sybase ianywhere

SAP Business Communications Management (BCM) Release Notes 7.0 SP04 Patch 1 ( )

BIT460. SAP Process Integration Message Mapping COURSE OUTLINE. Course Version: 15 Course Duration: 3 Day(s)

SMP541. SAP Mobile Platform 3.0 Native and Hybrid Application Development COURSE OUTLINE. Course Version: 15 Course Duration: 5 Day(s)

Preventing vulnerabilities in HANAbased MARCH TROOPERS SECURITY CONFERENCE

TBW60. BW: Operations and Performance COURSE OUTLINE. Course Version: 10 Course Duration: 5 Day(s)

HA200 SAP HANA Installation & Operations SPS10

Transcription:

Layer Seven Security ADVISORY SAP Security Notes June 01

SAP released several patches for multiple vulnerabilities effecting Sybase EAServer in June. EAServer is used to create, deploy and configure Java servlets, JavaServer Pages and Web applications. The latter is enabled through the support of common standards for Web Services including the Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL) and Uniform Description, Discovery and Integration (UDDI). EAServer enables organizations to expose stored procedures in systems such as Sybase ASE, SQL Anywhere, IQ and other databases as Web services. It is also used to load balance between clustered application servers, define database types and data sources and perform other administrative and monitoring tasks. The EAServer vulnerabilities were discovered by security researchers Gerhard Wagner and Bernhard Mueller of SEC Consult Vulnerability Lab. SAP was notified in November last year. The vulnerabilities include OS command injection (Note 1851914), directory traversal (Note 185064) and information disclosure (Note 1858107). Note 1851914 is rated the most critical and carries a CVSS score of 10.0. An external entity (XXE) vulnerability in EAServer caused by a lack of input validation can enable attackers to list directories and files on target systems. This can lead to the unauthorized retrieval of administrative credentials from configuration files which can then be used to execute OS commands through the WSH service. Customers are advised to update their EAServer installation as soon as possible through the application of the appropriate EBF for their platform. SAP Security Notes June 01 Note 185161 relates to a privilege escalation vulnerability in the ABAP Editor, a source code editing tool and component of ABAP Workbench. ABAP Editor is used to develop and modify programs, function modules and other objects.

SAP Security Notes by Vulnerability Type This should only be permitted for users granted a unique developer license key, stored in the table DEVACCESS. Note 185161 patches a vulnerability in Workbench that led to the failure to request developer access keys for the some functions performed through ABAP Editor. The cross-site scripting vulnerability can lead to session hijacking through weaknesses in the REST interface. As a result, SAP recommends disabling the interface or restricting access to the interface for specific versions of AS Java. Other important patches include Note 180504, which deals with a missing authorization check for the maintenance of configuration parameters in SAP profiles, and Notes 181985 and 186098 that deal with command injection and cross-site scripting vulnerabilities in NetWeaver Identity Management (IdM). The command injection vulnerability could lead users to escalate privileges and assign permissions without authorizations.

Appendix: SAP Security Notes, June 01 PRIORITY NOTE AREA DESCRIPTION 1 1851914 BC-SYB-EAS Potential remote code execution in EAServer 180777 BC-JAS-ADM-ADM Update 1 to SAP security note 1755108 188814 PLM-CFO Unauthorized modification of stored content in cfolders 18418 PS Missing authorization check in PS 184406 BC-CST-IC Missing authorization check in in package SICM 18408 BC-SEC Missing authorization check in RSDUMPSOURCE 18440 BC-SEC-USR-IS SUIM RSUSR00 User... is not found 1847645 BC-BMT-WFM Missing authorization check in BC-BMT-WFM 184819 BC-ABA-TV Missing authorization check in BC-ABA-TV 1848996 BC-ILM-LCM Missing authorization check in BC-ILM-LCM 1849559 BW-WHM-DST Code injection vulnerability in BW-WHM-DST 1849744 EP-BC-UWL Missing authorization check in SAP_BASIS 185064 BC-SYB-EAS Directory traversal in EAServer 185161 BC-DWB-TOO-FUB Privilege Escalation in ABAP Source Code Editor 18585 IS-B-BCA Missing authorization check in IS-B-BCA 1858107 BC-SYB-EAS Potential disclosure of persisted data in EAServer 1781594 BC-SRV-ALV Code injection vulnerability in component BC-SRV-ALV 180504 BC-CCM-CNF-PFL Missing authorization check in SAP profile functions 18161 BC-SRV-ALV Code injection vulnerability in BC-SRV-ALV 18616 BC-SRV-COM-FTP Update 1 to security note 16741 18146 BC-UPG-TLS-TLA Potential modification of persisted data in upgrade tools 181985 BC-IAM-IDM Command injection vulnerability in SAP Netweaver IdM 18495 LO-GT-TEW Missing authorization check in LO-GT-TEW 185666 SCM-APO-INT-MD-PDS Missing authorization check in PDS_MAINT

Appendix: SAP Security Notes, June 01 cont. PRIORITY NOTE AREA DESCRIPTION 186717 BW-BEX-ET Hard-coded profiles in BW-BEX-ET 184695 EPM-BPC-NW Missing authorization check in BPC Web Services 16009 CRM-IC-FRW-UI Unauthorized modification in BSP application in CRM-IC-FRW 17577 BI-BIP-BIW Unauthorized modification of displayed content in BOE 177470 LO-MD-MM Update 1 to security note 1500050 17744 SV-SMG-SDD Missing authorization check in ST-PI 1806098 BC-IAM-IDM Unauthorized Use of Application Functions in REST Interface 1816989 EP-PIN-CS Potential information disclosure relating to EPCM data bag 18847 BC-XI-IBC Potential information disclosure in PI

Layer Seven Security Layer Seven Security specialize in SAP security. We serve customers worldwide to protect information assets against internal and external threats and comply with industry and statutory reporting requirements. The company fuses technical expertise with business acumen to deliver unparalleled implementation, consulting and audit services targeted at managing risks in contemporary SAP systems. Layer Seven Security leverage leading SAP-certified software to deliver end-to-end assessments that detect and remediate vulnerabilities at all levels in SAP landscapes. The company is privately owned and headquartered in Toronto, Canada. Address Westbury Corporate Centre Suite 101 75 Upper Middle Road Oakville, Ontario L6H 0C, Canada Web www.layersevensecurity.com Email info@layersevensecurity.com Telephone 1 888 995 099

Copyright Layer Seven Security 01 - All rights reserved. No portion of this document may be reproduced in whole or in part without the prior written permission of Layer Seven Security. Layer Seven Security offers no specific guarantee regarding the accuracy or completeness of the information presented, but the professional staff of Layer Seven Security makes every reasonable effort to present the most reliable information available to it and to meet or exceed any applicable industry standards. This publication contains references to the products of SAP AG. SAP, R/, xapps, xapp, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius and other Business Objects products and services mentioned herein are trademarks or registered trademarks of Business Objects in the United States and/or other countries. SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback