Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Gateway Bypassing monitor commands, SAP security note 1072946

Description

The gateway monitor allows only local monitoring when you set the parameter gw/monitor = 1. However, it also allows some remote monitoring.

These are:

    1. Displaying the release information
    2. Displaying connection information
    3. Displaying connection handle information (conversation ID)

Available fix and Supported packages

  • SAP_BASIS | 46D | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 720
  • SAP KERNEL 4.6D_EX2 32-BIT | SP2498 | 002498
  • SAP KERNEL 4.6D_EX2 64-BIT | SP2498 | 002498
  • SAP KERNEL 4.6D_EXT 32-BIT | SP2498 | 002498
  • SAP KERNEL 4.6D_EXT 64-BIT | SP2498 | 002498
  • SAP KERNEL 6.40 32-BIT | SP313 | 000313
  • SAP KERNEL 6.40 32-BIT UNICODE | SP313 | 000313
  • SAP KERNEL 6.40 64-BIT | SP313 | 000313
  • SAP KERNEL 6.40 64-BIT UNICODE | SP313 | 000313
  • SAP KERNEL 6.40_EX2 32-BIT | SP313 | 000313
  • SAP KERNEL 6.40_EX2 32-BIT UC | SP313 | 000313
  • SAP KERNEL 6.40_EX2 64-BIT | SP313 | 000313
  • SAP KERNEL 6.40_EX2 64-BIT UC | SP313 | 000313
  • SAP KERNEL 7.00 32-BIT | SP236 | 000236
  • SAP KERNEL 7.00 32-BIT UNICODE | SP236 | 000236
  • SAP KERNEL 7.00 64-BIT | SP236 | 000236
  • SAP KERNEL 7.00 64-BIT UNICODE | SP236 | 000236
  • SAP KERNEL 7.01 32-BIT | SP073 | 000073
  • SAP KERNEL 7.01 32-BIT UNICODE | SP073 | 000073
  • SAP KERNEL 7.01 64-BIT | SP073 | 000073
  • SAP KERNEL 7.01 64-BIT UNICODE | SP073 | 000073

Affected component

    BC-CST-GW
    Gateway/CPIC

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1072946

TAGS

#gw/monitor

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.