[FD] SAP Security Notes August 2015

SAP http://www.sap.com/ has released http://scn.sap.com/community/security/blog/2015/08/11/sap-security-patch-day-summary--august-2015the monthly critical patch update for August 2015. This patch update closes 22 vulnerabilities in SAP products, 15 have high priority, some of them belong to the

[FD] ERPSCAN Research Advisory [ERPSCAN-15-012] SAP Afaria 7 XComms – Buffer Overflow

Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Buffer Overflow Sent: 13.03.2015 Reported: 14.03.2015 Vendor response:14.03.2015 Date of Public Advisory:18.05.2015 Reference: SAP Security Note 2153690 Author:

[FD] [ERPSCAN-15-025] Oracle E-Business Suite Database user enumeration Vulnerability

1. ADVISORY INFORMATION Title: Oracle E-Business Suite - Database user enumeration Advisory ID: [ERPSCAN-15-025] Advisory URL: http://erpscan.com/advisories/erpscan-15-025-oracle-e-business-suite-database-user-enumeration-vulnerability/ Date published:20.10.2015 Vendors contacted: Oracle 2.

[FD] [ERPSCAN-15-030] Oracle E-Business Suite - XXE injection Vulnerability

1. ADVISORY INFORMATION Title: Oracle E-Business Suite XXE injection Advisory ID: [ERPSCAN-15-030] Advisory URL: http://erpscan.com/advisories/erpscan-15-030-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION

[FD] [ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability

1. ADVISORY INFORMATION Title: Oracle E-Business Suite - XXE injection Advisory ID: [ERPSCAN-15-029] Advisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/ Date published: 21.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION

[FD] ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA, probably others Vendor URL: http://SAP.com Bugs: Unauthorized access Sent: 20.04.2013 Reported: 21.04.2013 Vendor response:

[FD] [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials

ERPSCAN Research Advisory [ERPSCAN-15-015] SAP NetWeaver AS ABAP– Hardcoded Credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor response:

[FD] [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository

ERPSCAN Research Advisory [ERPSCAN-15-014] SAP Mobile Platform 3 – XXE in Add Repository Application: SAP Mobile Platform Versions Affected: SAP Mobile Platform 3, probably others Vendor URL: http://SAP.com Bugs: XML External Entity Sent: 13.03.2015 Reported: 14.03.2015 Vendor response:

[FD] [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials

ERPSCAN Research Advisory [ERPSCAN-15-016] SAP NetWeaver – Hardcoded credentials Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS ABAP, probably others Vendor URL: http://SAP.com Bugs: Hardcoded credentials Sent: 06.03.2014 Reported: 07.03.2014 Vendor

[FD] ERPSCAN Research Advisory [ERPSCAN-15-022] SAP NetWeaver 7.4 - XSS

Application:SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: Cross-Site Scripting Send: 13.07.2015 Reported: 13.07.2015 Vendor response:

[FD] [ERPSCAN-15-019] SAP Afaria - Stored XSS

Application:SAP Afaria Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Stored XSS Send: 18.02.2015 Reported: 18.02.2015 Vendor response: 18.02.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2152669

[FD] [ERPSCAN-16-016] SAP NetWeaver Java AS WD_CHAT - Information disclosure vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: information disclosure Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2255990

[FD] [ERPSCAN-16-015] SAP NetWeaver Java AS - multiple XSS vulnerabilities

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bugs: XSS Sent: 29.09.2015 Reported: 30.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238765 Author: Vahagn Vardanyan

[FD] [ERPSCAN-16-012] SAP NetWeaver AS JAVA - directory traversal vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2234971 Author:

[FD] [ERPSCAN-16-014] SAP NetWeaver AS Java NavigationURLTester - XSS vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XSS Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2238375 Author: Vahagn

[FD] [ERPSCAN-16-013] SAP NetWeaver AS Java ctcprotocol servlet - XXE vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016 Reference: SAP Security Note 2235994 Author: Vahagn Vardanyan

[FD] [ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption

[ERPSCAN-15-024] SAP HANA hdbindexserver - Memory corruption Application: SAP HANA Versions Affected: SAP HANA 1.00.095 Vendor URL: http://SAP.com Bugs: Memory corruption, RCE Reported: 17.07.2015

[FD] [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability

Application:SAP MII Versions Affected: SAP MII 12.2, 14.0, 15.0 Vendor URL: http://SAP.com Bugs: Authentication bypass Send: 05.09.2015 Reported: 05.09.2015 Vendor response: 06.09.2015 Date of

[FD] [ERPSCAN-16-005] SAP HANA hdbxsengine JSON – DoS vulnerability

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://SAP.com Bugs: DoS Sent: 28.09.2015 Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli (ERPScan) Description 1. ADVISORY

[FD] [ERPSCAN-16-004] SAP NetWeaver 7.4 (Pmitest servlet) – XSS vulnerability

Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: Cross-Site Scripting Sent: 01.09.2015 Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2234918 Author: Vahagn Vardanyan

[FD] [ERPSCAN-16-011] SAP NetWeaver AS JAVA – SQL injection vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL:http://SAP.com Bugs:SQL injection Send: 04.12.2015 Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079

[FD] [ERPSCAN-16-009] SAP xMII - directory traversal vulnerability

Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 29.07.2015 Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin (ERPScan)

[FD] [ERPSCAN-16-002] SAP HANA - log injection and no size restriction

Application: SAP HANA Versions Affected: SAP HANA Vendor URL: http://SAP.com Bugs: Log injection Sent:28.09.2015 Reported: 28.09.2015 Vendor response: 29.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2241978 Author: Mathieu Geli (ERPScan) Description

[FD] [ERPSCAN-16-001] SAP NetWeaver 7.4 - XSS vulnerability

Application:SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: Cross-Site Scripting Sent: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2206793 Author: Vahagn Vardanyan (ERPScan)

[FD] [ERPSCAN-16-003] SAP NetWeaver 7.4 - cryptographic issues

Application: SAP NetWeaver Versions Affected: SAP NetWeaver J2EE Engine 7.40 Vendor URL: http://SAP.com Bugs: cryptographic issues Sent: 01.09.2015 Reported: 01.09.2015 Vendor response: 02.09.2015 Date of Public Advisory: 12.01.2016 Reference: SAP Security Note 2191290 Author: Vahagn

[FD] [ERPSCAN-16-020] SAP NetWeaver AS JAVA UDDI component - XXE vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2254389 Author: Vahagn Vardanyan

[FD] [ERPSCAN-16-021] SAP xMII - Reflected XSS vulnerability

Application: SAP xMII Versions Affected: SAP xMII 15 Vendor URL: http://SAP.com Bugs: XSS Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 12.04.2016 Reference: SAP Security Note 2201295 Author: Nursultan Abubakirov (ERPScan) , Vahagn Vardanyan

[FD] CVE-2017-3241 - [ERPSCAN-17-006] Oracle OpenJDK - Java Serialization DoS

Application: Java SE Vendor: Oracle Bug: DoS Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Author: Roman Shalymov 1. ADVISORY INFORMATION Title: Oracle OpenJDK - Java Serialization DoS Advisory ID: [ERPSCAN-17-006]

[FD] [ERPSCAN-17-005] Oracle PeopleSoft - XSS vulnerability CVE-2017-3300

Application: Oracle PeopleSoft Vendor: Oracle Bugs: XXS Reported: 31.10.2016 Vendor response: 1.11.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Authors: Vahagn Vardanyan, Dmitry Yudin 1. ADVISORY INFORMATION Title: Oracle PeopleSoft – XSS vulnerability

[FD] [ERPSCAN-16-036] SAP ASE ODATA SERVER - DENIAL OF SERVICE

Application: SAP ASE Versions Affected: SAP ASE ODATA Server v16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2330422 Author: Vahagn @vah_13 Vardanyan

[FD] [ERPSCAN-16-037] SAP NetWeaver AS JAVA P4 - INFORMATION DISCLOSURE

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.11-7.4 Vendor URL: http://SAP.com Bugs: Information disclosure Sent: 10.03.2016 Reported: 11.03.2016 Vendor response: 11.03.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2331908 Author:

[FD] [ERPSCAN-16-028] SAP Adaptive Server Enterprise - DoS vulnerability

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note

[FD] [ERPSCAN-16-030] SAP NetWeaver - buffer overflow vulnerability

Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author:

[FD] [ERPSCAN-16-029] SAP NetWeaver AS JAVA - deserialization of untrusted user value

Application: SAP EP-RUNTIME component Versions Affected: SAP EP-RUNTIME 7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2315788 Author: Mathieu Geli

[FD] [ERPSCAN-16-033] SAP NetWeaver AS JAVA icman - DoS vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: Denial of Service Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2313835 Author: Vahagn

[FD] [ERPSCAN-16-034] SAP NetWeaver AS JAVA - XXE vulnerability in BC-BMT-BPM-DSK component

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.4 Vendor URL: http://SAP.com Bug: XXE Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2296909 Author: Vahagn Vardanyan

[FD] [ERPSCAN-16-031] SAP NetWeaver AS ABAP – directory traversal using READ DATASET

Application: SAP NetWeaver AS ABAP Versions Affected: SAP NetWeaver AS ABAP 7.4 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 22.04.2016 Reported: 23.04.2016 Vendor response: 23.04.2016 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2312966 Author: Daria

[FD] [ERPSCAN-16-032] SAP Telnet Console – Directory traversal vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 to 7.5 Vendor URL: http://SAP.com Bugs: Directory traversal Sent: 04.12.2015 Reported: 05.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 09.08.2016 Reference: SAP Security Note 2280371 Author:

[FD] [ERPSCAN-16-035] SAP Solman - user accounts disclosure

Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: http://SAP.com Bugs: Information Disclosure Sent: 12.07.2016 Reported: 13.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan (ERPScan)

[FD] [ERPSCAN-16-041] SAP NETWEAVER DIRECTORY CREATION OUTSIDE OF THE JVM

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA UMEADMIN component Vendor URL: http://SAP.com Bugs: Directory traversal Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 13.12.2016 Reference: SAP Security Note 2310790 Author: Mathieu Geli (ERPScan)

[FD] [ERPSCAN-17-020] XXE VIA DOCTYPE in PeopleSoft PeopleSoftServiceListeningConnector

Application: Oracle PeopleSoft Versions Affected: PeopleSoft HCM 9.2 on PeopleTools 8.55 Vendor URL: http://oracle.com Bug: XXE Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Nadya Krivdyuk (ERPScan) Description 1.

[FD] [ERPSCAN-17-022] SSRF in PeopleSoft IMServlet

Application: Oracle PeopleSoft Versions Affected: ToolsRelease: 8.55.03; ToolsReleaseDB: 8.55; PeopleSoft HCM 9.2 Vendor URL: http://oracle.com Bugs: SSRF Reported: 23.12.2016 Vendor response: 24.12.2016 Date of Public Advisory: 18.04.2017 Reference: Oracle CPU April 2017 Author: Roman Shalymov

[FD] Directory Traversal vulnerability in Integration Gateway (PSIGW)

1. ADVISORY INFORMATION Title: Directory Traversal vulnerability in Integration Gateway (PSIGW) Advisory ID: [ERPSCAN-17-038] Advisory URL: https://erpscan.com/advisories/erpscan-17-038-directory-traversal-vulnerability-integration-gateway-psigw/ Risk: High Date published: 18.07.2017 Vendor