Vulnerabilities in SAP products
Cyber security researchers have found eight vulnerabilities in SAP products that could lead to information leaks and to servers being taken offline.
Security researchers from Positive Technologies said the bugs were found in a variety of SAP solutions. All of the affected products are potentially dangerous to the companies worldwide that use them.
One of the most severe bugs, caused by an absence of XML validation, was discovered in the Web Dynpro Flash Island. It enables hackers to perform an XML External Entity (XXE) attack without the need to authenticate and to obtain local files on the SAP server, such as private encryption keys and other business-critical data.
The vulnerability could also be used to perform a DoS attack to take the server offline. Another vulnerability was discovered in the SAP Enterprise Portal. An absence of XML validation allowed attackers to obtain local files on the SAP server.
This could lead to information being stolen, including private encryption keys, hashes of operating system passwords, and sensitive corporate data.
Researchers said attackers outside of the local network could not gain network access to the OS and database, but could try to use these credentials to hack accounts on other open services or perform a DDoS attack.
An XSS vulnerability was also uncovered in the SAP Enterprise Portal style service, and a second XSS bug was found in the SAP NetWeaver Monitoring application. In addition, the security team discovered an information disclosure security flaw in the SAP NetWeaver Business Process Management (BPM) solution.
The same lack of XML validation is present in the SAP Composite Application Framework Authorization Tool, and a further two such flaws are embedded in the SAP NetWeaver Web Services Configuration UI.
These issues not only allow threat actors to read files hosted on servers and steal administration credentials.
The bugs were discovered earlier this year and have been addressed in recent security patches issued by SAP. Vendors should make sure their products are up to date to avoid their systems being compromised.
More information: [Positive Technologies]