[ERPSCAN-11-040] SAP NetWeaver SPML – XML CSRF user creation

DSECRG Advisories

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs: Command execution
Exploits: YES
Reported: 14.03.2011
Vendor response: 16.03.2011
Date of Public Advisory: 11.11.2011
CVSS: 7.3
Author: Alexandr Polyakov

An attacker can create a new user in the J2EE Engine by means of a CSRF attack against the SPML service.

Business Risk
An attacker can exploit the CSRF vulnerability by sending an unaware user a link to a malicious page via e-mail, instant messaging or social networks. The end user's browser has no way to know that the page should not be trusted and will execute its script. Thus, an attacker can gain access to the user's session and gain control over business-critical information that the victim is allowed to access.
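The mitigation side of the issue described above, as an added example that is not part of the advisory or of SAP's code: a server-side filter for an XML/SOAP provisioning endpoint such as SPML that rejects requests a cross-site HTML form could have produced. It relies on the fact that a browser form post can only carry the urlencoded, multipart or text/plain media types and cannot add custom headers without a CORS preflight; the trusted origin and the sample requests are constructed placeholders.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Media types a genuine SPML/SOAP client sends; an HTML form cannot set these.
ALLOWED_XML_TYPES = {"text/xml", "application/xml", "application/soap+xml"}
# Assumed scheme and host of the provisioning service (placeholder, not from the advisory).
TRUSTED_ORIGIN = "https://portal.example.internal"

@dataclass
class Request:
    method: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""

    def header(self, name: str) -> str:
        name = name.lower()
        return next((v for k, v in self.headers.items() if k.lower() == name), "")

def same_origin(url: str) -> bool:
    """True if url's scheme and host equal those of the trusted origin."""
    a, b = urlsplit(url), urlsplit(TRUSTED_ORIGIN)
    return (a.scheme, a.netloc.lower()) == (b.scheme, b.netloc.lower())

def check_xml_request(req: Request) -> tuple[bool, str]:
    """Return (accepted, reason). Each check on its own defeats a plain form-based CSRF."""
    if req.method.upper() != "POST":
        return False, "only POST is accepted"
    ctype = req.header("Content-Type").split(";")[0].strip().lower()
    if ctype not in ALLOWED_XML_TYPES:      # forms can only send urlencoded/multipart/text/plain
        return False, f"content type {ctype or '(none)'} is not an XML media type"
    if not req.header("X-Requested-With"):  # a custom header forces a CORS preflight cross-site
        return False, "missing X-Requested-With header"
    for name in ("Origin", "Referer"):      # when the browser sets these, they must match our host
        value = req.header(name)
        if value and not same_origin(value):
            return False, f"{name} does not match trusted origin"
    return True, "ok"

# Constructed sample traffic: a genuine client call, and a cross-site form post that
# smuggles the same XML body as text/plain (the body content is irrelevant to the checks).
GENUINE = Request("POST", {"Content-Type": "text/xml; charset=utf-8",
                           "X-Requested-With": "XMLHttpRequest",
                           "Origin": TRUSTED_ORIGIN}, b"<addRequest/>")
FORGED = Request("POST", {"Content-Type": "text/plain",
                          "Origin": "https://attacker.example"}, b"<addRequest/>")

if __name__ == "__main__":
    for label, req in (("genuine", GENUINE), ("forged", FORGED)):
        print(label, check_xml_request(req))
```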


To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: