SAP released its monthly critical patch update for May 2011, which closes 10 public vulnerabilities in SAP products. 2 of them were found by ERPScan researchers Alexey Sintsov and Dmitriy Evdokimov.
As is traditional, SAP published acknowledgements to the security researchers from ERPScan for the vulnerabilities they found on its acknowledgement page.
The most critical one is a Missing Authorization Check vulnerability in one of the RFC modules, which can lead to privilege escalation and SMB relay attacks (priority 2 according to SAP metrics). The second vulnerability is an XSS in one of the Java applications.
It is highly recommended to patch all of these issues to prevent business risks.
Solutions for these issues are available in SAP Security Notes 1554030 and 1553292.
Advisories for these issues with technical details will be available in 3 months on erpscan.com. Exploits will be available soon in ERPScan Security Scanner, an innovative SAP vulnerability assessment solution, and in ERPScan SaaS.