RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

April 13, 2010
12:00 am

Potential Security Issues in SAP Solution Manager, SAP security note 1418032

Description

This SAP Note contains fixes for security issues with the Operations part of SAP Solution Manager (component SV-SMG-OP).
The following risks are addressed:

Cross Site Scripting

The SAP Solution Manager (Operations part) can be abused by a malicious user allowing them to modify displayed application content without authorization and to potentially obtain authentication information from other legitimate users.

SQL injection

A malicious user can exploit SAP Solution Manager (Operations part) using specially crafted inputs to execute arbitrary database commands to retrieve, modify, or remove data persisted by the system.

Hard-coded user names (Backdoor)

SAP Solution Manager (Operations part) contains code which changes the program’s behaviour when a user successfully authenticates with a certain username.

Available fix and Supported packages

ST | 400 | 400
ST 400 | SAPKITL433 |

Affected component

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1418032

RedRays SAP Security Team

Potential Security Issues in SAP Solution Manager, SAP security note 1418032

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

RedRays and Cenobe Cybersecurity Announce Strategic Partnership

SAP Security Patch Day – July 2024

Announcement: In-Depth SAP Security Training at BlackHat MEA 2024

SAP Security Patch Day – June 2024