SAP XXE / Hardcoded Credentials / SQL Injection / Overflow

32   2019-08-05 08:08   nipc
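Vulnerability Information
Vulnerability ID: 1314
CVE ID:
Vulnerability type: -
Source: cxs
Published: 2015-06-12
CVSS
CVSS score: -
Severity: Medium
Exploitation scope: -
Attack complexity: -
Authentication level: -
Vulnerability Description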

WLB-2015060064 | http://cxsecurity.com/issue/WLB-2015060064 | SAP XXE / Hardcoded Credentials / SQL Injection / Overflow | 2015.06.12 | Darya Maenkova | Medium | CWE-89 | N/A | No | Yes

POC

SAP <http://www.sap.com/> has released the monthly critical patch update for June 2015. This patch update closes a lot of vulnerabilities in SAP products. The most common vulnerability is Missing Authorization Check. This month, three critical vulnerabilities found by ERPScan researchers Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.

*Issues that were patched with the help of ERPScan*

Below are the details of SAP vulnerabilities that were found by ERPScan <http://www.erpscan.com/> researchers.

* An XML eXternal Entity vulnerability in SAP Mobile Platform on-premise (CVSS Base Score: 5.5). Update is available in SAP Security Note 2159601 <https://service.sap.com/sap/support/notes/2159601>. An attacker can use XML eXternal Entities to send specially crafted unauthorized XML requests, which will be processed by the XML parser. The attacker will get unauthorized access to the OS file system.
* A Hardcoded Credentials vulnerability in SAP Cross-System Tools (CVSS Base Score: 3.6). Update is available in SAP Security Note 2059659 <https://service.sap.com/sap/support/notes/2059659>. An attacker can use hardcoded credentials for unauthorized access and perform various actions in the system. In addition, it is likely that the code will be implemented as a backdoor into the system.
* A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench (CVSS Base Score: 2.1). Update is available in SAP Security Note 2057982 <https://service.sap.com/sap/support/notes/2057982>. An attacker can use the hardcoded credentials for unauthorized access and perform various actions in the system. In addition, it is likely that the code will be implemented as a backdoor into the system.

*The most critical issues found by other researchers*

Some of our readers and clients asked us to categorize the most critical SAP vulnerabilities to patch them first. Companies providing SAP Security Audit, SAP Security Assessment, or SAP Penetration Testing services can include these vulnerabilities in their checklists. The most critical vulnerabilities of this update can be patched by the following SAP Security Notes:

* 2151237 <https://service.sap.com/sap/support/notes/2151237>: SAP GUI for Windows has a Buffer Overflow vulnerability (CVSS Base Score: 9.3). An attacker can use Buffer Overflow for injecting specially crafted code into working memory, which will be executed by the vulnerable application under the privileges of that application. This can lead to the attacker taking complete control over the application, denial of service, command execution, and other attacks. In case of command execution, an attacker can obtain critical technical and business-related information stored in the vulnerable SAP system or escalate their own privileges. As for denial of service, the process of the vulnerable component may be terminated. During this time, nobody will be able to use this service, which negatively influences business processes, system downtime, and, consequently, business reputation. It is recommended to install this SAP Security Note to prevent risks.
* 2129609 <https://service.sap.com/sap/support/notes/2129609>: SAP EP JDBC Connector has an SQL Injection vulnerability (CVSS Base Score: 6.5). An attacker can use SQL Injections with the help of specially crafted SQL queries. They can read and modify sensitive information from a database, execute administrative operations in a database, destroy data or make it unavailable. In some cases, an attacker can access system data or execute OS commands. It is recommended to install this SAP Security Note to prevent risks.
* 1997734 <https://service.sap.com/sap/support/notes/1997734>: SAP RFC runtime has a Missing Authorization Check vulnerability (CVSS Base Score: 6.0). An attacker can use Missing Authorization Checks to access a service without any authorization procedures and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks. It is recommended to install this SAP Security Note to prevent ri