[ERPSCAN-12-030] SAP NetWeaver EPS – Multiple missing auth check
Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: http://www.sap.com
Bugs:Auth bypass, directory traversal, smbrelay
Vendor response: 15.05.2011
Date of Public Advisory: 17.06.2012
Author: Alexey Tyurin (ERPScan)
A security vulnerability was found in the SAP EPS RFC function group. It allows an attacker to list files remotely or steal hashes of SAP server account in Windows environment using the SMBRelay attack.
An attacker can execute vulnerable transactions, programs or RFC functions remotely without authentication because authorization check is missing. It can lead to various threats from information disclosure to full system compromise.