This note solves two similar issues. Both vulnerabilities are caused by incomplete XML validation.
- SAP Solution Manager (Application: Trace Analysis) allows an attacker to inject superfluous data that can be displayed by the application. The application shows additional data that do not actually exist.
- It is possible to perform a log injection into the trace file. The readability of the trace file is impaired.
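
The two issues above share one defensive pattern, shown here as an added Python example (not SAP's code and not part of the note): validate uploaded XML against an allow-list rather than for well-formedness only, and encode line breaks before a value reaches the trace file. The `<trace>`/`<step>` format, the field names and all function names are hypothetical assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Assumed (hypothetical) format: <trace><step id="1" name="Login">message</step></trace>
ID_RE = re.compile(r"[0-9]{1,9}")
NAME_RE = re.compile(r"[A-Za-z0-9 _.-]{1,64}")

def log_safe(value):
    """Encode backslashes and control/line-separator characters so a value stays on one line."""
    out = []
    for ch in value:
        if ch == "\\":
            out.append("\\\\")
        elif ord(ch) < 0x20 or ch in "\x7f\x85\u2028\u2029":
            out.append("\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)

def parse_trace(xml_text):
    """Strictly validate an uploaded trace; return [(id, name, message)] or raise ValueError."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("not well-formed") from exc
    if root.tag != "trace" or root.attrib or (root.text or "").strip():
        raise ValueError("unexpected root content")
    steps, seen = [], set()
    for el in root:
        # A well-formedness check alone accepts extra elements, attributes and duplicates.
        if el.tag != "step" or set(el.attrib) != {"id", "name"} or len(el) or (el.tail or "").strip():
            raise ValueError("unexpected element, attribute or text")
        step_id, name = el.attrib["id"], el.attrib["name"]
        if not ID_RE.fullmatch(step_id) or int(step_id) in seen or not NAME_RE.fullmatch(name):
            raise ValueError("invalid or duplicate step")
        seen.add(int(step_id))
        steps.append((int(step_id), name, el.text or ""))
    return steps

def trace_line(step):
    """Render one validated step as exactly one trace-file line."""
    return "step=%d name=%s msg=%s" % (step[0], log_safe(step[1]), log_safe(step[2]))

# Constructed samples (not taken from any real system)
GOOD = '<trace><step id="1" name="Login">ok</step></trace>'
DUPLICATE = '<trace><step id="1" name="Login">ok</step><step id="01" name="Login">ok</step></trace>'
FORGED = '<trace><step id="2" name="Save">done&#10;step=3 name=Admin msg=ok</step></trace>'
```

`DUPLICATE` is well-formed XML but is rejected, and the character reference in `FORGED` decodes to a real line break that `trace_line` writes as `\u000a` instead of starting a second entry.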
Available fix and Supported packages
- LM-SERVICE | 7.20 | 7.20
- SOLMANDIAG 720 | SP004 | 000015
- SOLMANDIAG 720 | SP005 | 000016
- SOLMANDIAG 720 | SP006 | 000017
- SOLMANDIAG 720 | SP007 | 000023
- SOLMANDIAG 720 | SP008 | 000019
- SOLMANDIAG 720 | SP009 | 000011
- SOLMANDIAG 720 | SP010 | 000005
Exploit is not available.
For detailed information please contact the mail [email protected]