Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2 ## Impact on Business Due to a missing authorization check in SAP Solution Manager LM-SERVICE component a remote authenticated attacker could be able to execute...

4h

Onapsis Security Advisory 2021-0013: [CVE-2020-26829] - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0013: [CVE-2020-26829] - Missing Authentication Check In SAP NetWeaver AS JAVA P2P Cluster communication ## Impact on Business A malicious unauthenticated user could abuse the lack of authentication check on SAP Java P2P cluster communication, in...

4h

Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0012: SAP Manufacturing Integration and Intelligence lack of server side validations leads to RCE ## Impact on Business By abusing a Code Injection in SAP MII, an authenticated user with SAP XMII Developer privileges could execute code (including...

4h

Onapsis Security Advisory 2021-0011 Missing authorization check in SolMan End-User Experience Monitoring

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0011: Missing authorization check in SolMan End-User Experience Monitoring ## Impact on Business Any authenticated user of the Solution Manager is able to craft/upload and execute EEM scripts on the SMDAgents affecting its Integrity, Confidentiality...

4h

Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring ## Impact on Business The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager, is vulnerable to path traversal. As a consequence, an unauthorized...

4h

Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager ## Impact on Business Unauthenticated attackers can bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact...

4h

Onapsis Security Advisory 2021-0008: OS Command Injection in CA Introscope Enterprise Manager

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0008: OS Command Injection in CA Introscope Enterprise Manager ## Impact on Business The vulnerability can allow an attacker to inject OS commands and thus gain complete control of the host running the CA Introscope Enterprise Manager. That exploit...

4h

Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0007: Exposure of Sensitive Information to an Unauthorized Actor ## Impact on Business An attacker can generate download-links sequentially targeting "impex" directory files. As a consequence, they will be able download most of these files, potentially...

4h

Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0006: [CVE-2020-26811] - SAP Hybris eCommerce - SSRF in acceleratorservices module ## Impact on Business SAP Hybris *acceleratorservices* module is vulnerable to be used to make custom POST requests to any valid URL without authentication. ## Advisory...

4h

Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis

Posted by Onapsis Research via Fulldisclosure on Jun 14# Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis ## Impact on Business Under certain circumstances, an attacker might be able to steal a cookie from the application. It may impact the confidentiality of the service. ## Advisory Information...

4h