Monthly Archive: September 2021

CVE-2021-33704

The Service Layer of SAP Business One, version – 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function,...

CVE-2021-33701

DMIS Mobile Plug-In or SAP S/4HANA, versions – DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly...

CVE-2021-33700

SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly...

CVE-2021-33697

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions – 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. Date published : 2021-09-15...

CVE-2021-33696

SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions – 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify...

CVE-2021-33694

SAP Cloud Connector, version – 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed...

CVE-2021-33692

SAP Cloud Connector, version – 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as ‘..’ and ‘/’ separators, for attackers to escape...

CVE-2021-33691

NWDI Notification Service versions – 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to...

CVE-2021-33690

Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeaver Development Infrastructure Component Build Service allows a...