Full Disclosure mailing list archives

By Date By Thread [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability From: Onapsis Research Labs <research () onapsis com>

Date: Wed, 27 May 2015 15:28:05 -0300

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security AdvisoryONAPSIS-2015-007: SAP HANA Log Injection Vulnerability 1. Impact on Business ===================== Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be used to corrupt log files or add fake content misleading an administrator. Risk Level: Medium 2. Advisory Information ======================= - - Public Release Date: 2015-05-27 - - Subscriber Notification Date: 2015-05-27 - - Last Revised: 2015-05-27 - - Security Advisory ID: ONAPSIS-2015-007 - - Onapsis SVS ID: ONAPSIS-00140 - - CVE: CVE-2015-3994 - - Researcher: Fernando Russ, Nahuel D. Sánchez - - Initial Base CVSS v2: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) 3. Vulnerability Information ============================ - - Vendor: SAP A.G. - - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) - - Vulnerability Class: Improper Output Neutralization for Logs (CWE-117) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: Yes - - Original Advisory: http://www.onapsis.com/research/security-advisories/SAP-HANA-log-injection-vulnerability-in-extended-application-services 4. Affected Components Description ================================== SAP HANA is a platform for real-time business. It combines database, data processing, and application platform capabilities in-memory. The platform provides libraries for predictive, planning, text processing, spatial, and business analytics. 5. Vulnerability Details ======================== Under certain conditions a remote authenticated attacker can inject log lines performing specially crafted HTTP requests to the vulnerable SAP HANA XS Engine. The vulnerable application is “grant.xsfunc”, located under: /testApps/grantAccess/grant.xscfunc 6. Solution =========== Implement SAP Security Note 2109818 7. Report Timeline ================== 2014-10-03: Onapsis provides vulnerability information to SAP AG. 2014-11-07: Onapsis provides additional information about the vulnerability to SAP AG. 2015-01-26: Onapsis provides additional information about the vulnerability to SAP AG. 2015-02-10: SAP AG publishes security note 2109818 which fixes the problem. 2015-05-27: Onapsis publishes security advisory. Organizations depend on Onapsis because of our ability to provide reliable expertise and solutions for securing business essentials About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlVmDLIACgkQz3i6WNVBcDUR4ACeK/opClwvxRdiTBODTGzuNT3T mfQAoMb54pvOSeCMqeMjKokdsN/i8GNL =JXst -----END PGP SIGNATURE----- _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/ By Date By Thread Current thread: [Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability Onapsis Research Labs (May 27)