[ERPSCAN-12-026] SAP NetWeaver RZL_READ_DIR_LOCAL – missing authorization check and SMB Relay vulnerability

DSECRG Advisories

Application: SAP NetWeaver
Versions Affected: SAP NetWeaver
Vendor URL: http://www.sap.com
Bugs:Missing auth check
Exploits: YES
Reported: 13.05.2011
Vendor response:15.05.2011
Date of Public Advisory:13.03.2012
Reference: SAP Security Note 1595074
Author:Alexey Tyurin (ERPScan)

Missing authorization check in FRC function RZL_READ_DIR_LOCAL.

Business Risk
Attacker can execute vulnerable transaction, programm or RFC function remotely without authentication because authorization check is missing. It can lead to various threats, from information disclosure to full system compromise.