Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Authentication bypass vulnerability in ESR, SAP security note 1533004

Description

Some Java-based administration pages used in the ESR administration are vulnerable for authentication bypass. This can potentially result in an escalation of privileges. Furthermore, it can be exploited for remote file overwrite, denial of service attack, user locking, smb relay attack.

Available fix and Supported packages

  • SAP_XIESR | 7.10 | 7.11
  • SAP_XIESR | 7.20 | 7.20
  • SAP_XIESR | 7.30 | 7.30
  • SAP_XIESR | 7.31 | 7.31
  • SAP_XITOOL | 3.0 | 3.0
  • SAP_XITOOL | 7.00 | 7.02
  • ESR 7.10 | SP008 | 000023
  • ESR 7.10 | SP009 | 000027
  • ESR 7.10 | SP010 | 000020
  • ESR 7.10 | SP011 | 000020
  • ESR 7.10 | SP012 | 000000
  • ESR 7.11 | SP003 | 000024
  • ESR 7.11 | SP004 | 000021
  • ESR 7.11 | SP005 | 000030
  • ESR 7.11 | SP006 | 000001
  • ESR 7.11 | SP007 | 000000
  • ESR 7.20 | SP003 | 000002
  • ESR 7.20 | SP004 | 000001
  • ESR 7.20 | SP005 | 000000
  • ESR 7.30 | SP000 | 000001
  • ESR 7.30 | SP001 | 000001
  • ESR 7.30 | SP002 | 000000
  • XI TOOLS 3.0 | SP025 | 000007
  • XI TOOLS 3.0 | SP026 | 000004
  • XI TOOLS 3.0 | SP027 | 000001
  • XI TOOLS 3.0 | SP028 | 000000

Affected component

    BC-XI-IBD
    Integration Builder – Design

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1533004

TAGS

#NetWeaver-CE
#Composition-Environment
#Process-Integration
#ESR
#Enterprise-Services-Repository
#Administration
#HTTP
#authentication-bypass

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer