Today we will talk about SAP Afaria security. We will show how SAP Afaria, an MDM solution from a world-famous software vendor, works and how cybercriminals can attack it in different ways using a stored XSS vulnerability.
In a nutshell, MDM (mobile device management) is a set of services that helps an administrator of a large company control employees' mobile devices (smartphones, tablets, phablets and so on), thereby enforcing security measures for the corporate data stored and processed on those devices. A special application called an MDM client is installed on each device and allows administrators to apply settings.
With this article we are starting a new series of posts reviewing one of the most frequent vulnerabilities, which affects many SAP modules: cross-site scripting, or XSS. XSS is by far one of the most popular vulnerabilities in all products, and one of the most popular in SAP products, with a total of 628 vulnerabilities, which is almost 22% of all vulnerabilities ever found in SAP over 12 years. You can find this in our latest research, “Analysis of 3000 vulnerabilities in SAP”. ERPScan researchers alone have reported about 52 XSS vulnerabilities in SAP products (by mid-2014).
Figure 1 – Ten of the most common vulnerabilities in SAP