A partner account manager can help. Contact us today.

 Subscribe me your mailing list

[ERPSCAN-15-008] SAP Afaria 7 XcListener – Buffer overflow

Application: SAP Afaria 7.0.6001.5
Vendor URL:
Bugs: BoF
Reported: 09.12.2014
Vendor response: 10.12.2014
Date of Public Advisory: 15.03.2015
Reference: SAP Security Note 2132584
Authors: Vahagn Vardanyan (ERPScan)

Vulnerability information
Class: DoS [CWE-400]
Impact: DoS
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2015-2820

Business Risk
It is possible to use denial of service to terminate the process of the vulnerable component. As a result, nobody can use this service, which has a negative influence on business processes. System downtime also harms business reputation.

An anonymous attacker can use a special request to crash the XcListener process on the server.

SAP Afaria 7
Other versions are probably affected too, but they were not checked.

Solutions and workarounds
A vulnerability has been discovered in certain landscape configurations of SAP Afaria that utilize XcListener for initiating client-to-server communications. SAP has released security patches for the vulnerable clients, Windows Mobile, Windows CE, and Windows. Windows Phone is not affected. SAP strongly recommends that customers patch their servers.
Patching instructions:
1) Download hotfix

  • SAP Afaria 7 SP5 Hotfix 8
  • SAP Afaria 7 SP4 Hotfix 16