[ERPSCAN-11-031] SAP RFC EPS_DELETE_FILE — Authorisation bypass, smbrelay
Versions Affected: SAP NetWeaver ABAP
Vendor URL: http://www.sap.com
Bugs:Auth bypass, directory traversal, smbrelay
Vendor response: 25.01.2011
Date of Public Advisory: 22.08.2011
Author: Alexey Sintsov
Security vulnerability was founded in sap EPS_DELETE_FILE RFC function allows attacker to delete files remotely or steal hashes of SAP server account in windows environment using SMBRelay attack.
Attacker execute vulnerable transaction, programm or RFC function remotely without authentication because authorisation check is missing. It can lead to different threads from information disclose to full system compromise.