[ERPSCAN-13-023] SAProuter – Authentication Bypass
Application: SAP Network Interface Router (SAProuter)
Versions Affected: 39.3 SP4 (7220.127.116.11) – Win64/Linux x86_64, 40.4
Vendor URL: http://www.sap.com
Bugs: Authentication bypass
Vendor response: 24.03.2013
Date of Public Advisory: 25.11.2013
Reference: SAP Security Note 1853140
CVSS: AV:N/AC:H/Au:N/C:P/I:C/A:P 6.6
Author: George Nosenko (ERPScan)
A remote attacker may be able to bypass authentication and reconfigure SAProuter.
An attacker can reconfigure SAProuter remotely without authentication because an authorization check is missing. This can lead to various threats, from information disclosure to full system compromise.
To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: