SAP released monthly critical patch update for May 2011. This patch updates close 10 public vulnerabilities in SAP products. 2 of those vulnerabilities were found by ERPScan researchers Alexey Sintsov and Dmitriy Evdokimov.
SAP traditionally sent acknowledgements for the found vulnerabilities to security researchers from ERPScan on their acknowledgement page.
The most critical one is missing authorization check vulnerability in one of the RFC modules which can lead to privilege escalation and SMB relay attacks (priority 2 according to SAP metrics). Second vulnerability is XSS in one of the Java application.
It is highly recommended to patch all those issues to prevent business risks.
Solutions for those issues are available in SAP Security Notes: 1554030, 1553292.
Advisories for those issues with technical details will be available in 3 months on erpscan.com. Exploits will be available soon in ERPScan Security Scanner – innovative SAP vulnerability assessment solution and ERPScan SaaS.