Leading SAP SE partner in discovering and solving security vulnerabilities                                 Request DEMO             
DSECRG Advisories

[DSECRG-13-002] SAP GRMGApp – XXE and authentication bypass

Application: SAP NetWeaver J2EE
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Security Bypass, XXE
Exploits: YES
Reported: 13.07.2012
Vendor response: 14.07.2012
Date of SAP Note Published: 08.01.2013
Date of Public Advisory: 28.01.2013
Reference: SAP Note 1729293 and 1725390
Authors: Dmitry Chastukhin (ERPScan)

Description

SAP NetWeaver GRMGApp is vulnerable to unauthorized access and has XXE vulnerability.

Business Risk

It is possible for attackers to send any packets to any port of any system including localhost. It means that it is possible, for example, to send any administrative command to Gateway or Message server because the source of the packet will be localhost, and there is no restrictions for localhost. Another example is an attack on other interfaces.