Onapsis Research Labs (ORL) supported SAP in patching 15 vulnerabilities, covered by 12 of the 19 new SAP Security Notes, and 100% of the High Priority Notes.
SAP Security Note #3273480, tagged with a CVSS score of 9.9, was the first patch fixing a series of Improper Access Control vulnerabilities in SAP NetWeaver AS Java that were detected by the Onapsis Research Labs. The solution was initially released on SAP's December Patch Day and caused side effects on the alerting and monitoring capabilities of SAP NW AS Java. The latest update of the note refers to two additional notes that fix these side effects, so customers who applied the December version should apply those follow-up notes as well.
Two of the five new HotNews Notes affect the SAP BusinessObjects Business Intelligence Platform (SAP BO). SAP Security Note #3245526, tagged with a CVSS score of 9.9, patches a vulnerability in the Central Management Console (CMC) that allows an attacker to inject arbitrary code, with a strong negative impact on the integrity, confidentiality, and availability of the system.
SAP Security Note #3283438 is tagged with a slightly lower CVSS score of 9.0, though that does not make it less critical. The lower rating is only due to the fact that a successful exploit requires interaction by another user. The note patches an OS Command Execution vulnerability in the SAP BO Adaptive Job Server that allows the execution of arbitrary OS commands over the network.
All four High Priority Notes were released in collaboration with the ORL, and together they patch seven vulnerabilities, including SAP Security Note #3296476, tagged with a CVSS score of 8.8, which patches Remote Code Execution vulnerabilities in several remote-enabled function modules.
More information can be found in the Onapsis blog.