SAP Security Notes August 2011 – Review
SAP Company has released August monthly set of updates. This set of updates closes more than 40 vulnerabilities is SAP products, 7 of which were found by outside researchers. In this set 5 vulnerabilities were found by ERPScan employees.
SAP traditionally gave thanks to ERPScan researchers for the found vulnerabilities and promotion for its closure on their portal.
The set of updates consists of patches for a number of dangerous vulnerabilities, including those which were presented at the recent BlackHat conference in Las Vegas. Detailed list of corrected vulnerabilities is below:
- The most critical vulnerability is bypassing authentication and authorization mechanisms in JAVA engine and as the result – getting administrator rights on the server. Update is available is SAP Security Note 1589525. Criticality according to CVSS is 10. Priority is 1 according to SAP metrics.
- Possibility of creating a user in a system with any rights via CSRF attack. Update is available in SAP Security Note 1616058. Criticality according to CVSS is 7.8. Priority is 1 according to SAP metrics.
- Implementation of random code of OS via vulnerable RFC module. Update is available in SAP Security Note 1580017. Criticality according to CVSS is 6.0. Priority is 2 according to SAP metrics.
- XSS in SAP BW. Update is available in SAP Security Note 1572325. Criticality according to CVSS is 4.3. Priority is 2 according to SAP metrics.
- SMBrelay vulnerability in one of reports. Update is available in SAP Security Note 1583286. Criticality according to CVSS is 2.3. Priority is 2 according to SAP metrics.
Details of two first mentioned vulnerabilities and also other information about J2EE applications security of SAP platform are available in the document /wp-content/uploads/2011/08/A-crushing-blow-at-the-heart-SAP-J2EE-engine_whitepaper.pdf
It is highly recommended to download the updates which close the given vulnerabilities. The information about updates is available from the following SAP Security Notes: 1589525,1616058,1580017,1572325,1583286. Recommendations disclosing technical details of these vulnerabilities will be available in 3 months at erpscan.com Exploits will be available soon in ERPScan Security Scanner – innovative SAP vulnerability assessment solution and ERPScan SaaS.