[ERPSCAN-13-024] SAP EMR Unwired – Unauthorized access

Application: SAP EMR Unwired (com.sap.mobi)
Versions Affected: latest
Vendor URL: http://www.sap.com
Bugs: Unauthorized access
Exploits: YES
Reported: 20.04.2013
Vendor response: 21.04.2013
Date of Public Advisory: 16.11.2013
Reference: SAP Security Note 1864518
CVSS: AV:A/AC:M/AU:S/C:P/I:N/A:N 3.8
Author: Dmitry Evdokimov (ERPScan)

Description
An unauthorized access vulnerability in the mobile application allows attackers to get access to short-lived temporary documents.

Business Risk
By exploiting this vulnerability, an internal or external attacker will be able to escalate their privileges. With the help of this access, it is possible to obtain sensitive technical and business-related information stored in the vulnerable SAP system.

Defense

To prevent this issue as well as a plethora of other vulnerabilities that may affect your systems, ERPScan provides the following services: