[ERPSCAN-14-010] SAP HANA Application Lifecycle manager – CSRF token bypass (Verb tampering)

Application: SAP HANA
Versions Affected:
Vendor URL: http://www.sap.com
Bugs: CSRF token bypass (Verb tampering)
Reported: 09.04.2014
Vendor response: 10.04.2014
Date of Public Advisory: 21.08.2014
Reference: SAP Security Note 2011169
Author: Dmitry Chastukhin (ERPScan)

It is possible to bypass the CSRF token check in SAP HANA Application Lifecycle manager by tampering with the HTTP verb, which allows an attacker to carry out a CSRF attack.
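The defect class the advisory names, verb tampering against a CSRF guard, is easiest to see with the weak check beside a hardened one. The following is an added illustration, not code from ERPScan or SAP: a route table, handler names, the `X-CSRF-Token` header and the session token value are all constructed placeholders. The vulnerable dispatcher validates the token only when the method is literally `POST`; the hardened one normalises the verb, refuses any verb the handler was not registered for, and requires the token for every non-safe verb before the handler runs.

```python
import hmac

# Verbs that must never change state and therefore need no CSRF token.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


# Constructed handlers standing in for an application's endpoints.
def _delete_record(request):
    return 200, "record %s deleted" % request.get("body", {}).get("id")


def _show_record(request):
    return 200, "record %s" % request.get("query", {}).get("id")


# Constructed route table: path -> (verb the handler is registered for, handler).
ROUTES = {
    "/records/delete": ("POST", _delete_record),  # state-changing
    "/records/show": ("GET", _show_record),       # read-only
}


def _token_valid(request, session):
    """Constant-time comparison of the submitted token with the session's."""
    supplied = request.get("headers", {}).get("X-CSRF-Token", "")
    expected = session.get("csrf_token", "")
    return bool(expected) and hmac.compare_digest(supplied, expected)


def vulnerable_dispatch(request, session):
    """Weak pattern: the handler is found by path alone and the token is
    checked only when the verb is exactly 'POST'. Any other verb reaches the
    state-changing handler with no token at all."""
    route = ROUTES.get(request["path"])
    if route is None:
        return 404, "not found"
    _declared, handler = route
    if request["method"] == "POST" and not _token_valid(request, session):
        return 403, "missing or invalid CSRF token"
    return handler(request)


def hardened_dispatch(request, session):
    """Mitigation: normalise the verb, reject any verb the handler was not
    registered for (405), and require the token for every non-safe verb."""
    route = ROUTES.get(request["path"])
    if route is None:
        return 404, "not found"
    declared, handler = route
    method = request["method"].upper()
    if method != declared:
        return 405, "method not allowed"
    if method not in SAFE_METHODS and not _token_valid(request, session):
        return 403, "missing or invalid CSRF token"
    return handler(request)


if __name__ == "__main__":
    session = {"csrf_token": "tok123"}  # constructed session value
    no_token = {"path": "/records/delete", "method": "PUT", "body": {"id": 7}}
    print("vulnerable:", vulnerable_dispatch(no_token, session))  # handler runs
    print("hardened:  ", hardened_dispatch(no_token, session))    # 405
```

The decisive line in the hardened version is the comparison against the verb the handler was registered for: a CSRF check that keys on the verb alone can always be sidestepped by a verb the check did not anticipate, so the verb must be bound to the route and normalised before any token logic runs.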

Business Risk
An attacker can exploit a CSRF vulnerability by sending a link to a malicious page to an unaware user via e-mail, messaging or social networks. The user's browser has no way of knowing that the page should not be trusted and will execute the script. Thus, an attacker can gain access to the user's session and take control of business-critical information that the victim can access.