[ERPSCAN-12-030] SAP NetWeaver EPS – Multiple missing auth check

DSECRG Advisories

Application: SAP NetWeaver ABAP
Versions Affected: SAP NetWeaver ABAP
Vendor URL: http://www.sap.com
Bugs: Auth bypass, directory traversal, smbrelay
Exploits: YES
Reported: 13.05.2011
Vendor response: 15.05.2011
Date of Public Advisory: 17.06.2012
Author: Alexey Tyurin (ERPScan)

A security vulnerability was found in the SAP EPS RFC function group. It allows an attacker to list files remotely or, in a Windows environment, to steal the hashes of the SAP server account using an SMBRelay attack.

Business Risk
An attacker can execute vulnerable transactions, programs or RFC functions remotely without authentication because an authorization check is missing. This can lead to threats ranging from information disclosure to full system compromise.