Skip links
RedRays - Your SAP Security Solution
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Multiple Vulnerabilities in SAP Data Services, SAP security note 2982840

Description

Remote Code Execution

SAP Data Services allow an unauthenticated attacker to send a malicious request which could result in remote code execution. This occurs due to insufficient input validation and a successful exploit would result in complete compromise of system confidentiality, integrity and availability.

CVSS: 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Denial of Service

SAP Data Services allow an unauthenticated attacker to override access permission which may cause Denial of Service when performing a file upload. On successful exploitation, the attacker can completely compromise the availability of the application.

CVSS: 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Available fix and Supported packages

  • SBOP_DS_MANAGEMENT_CONSOLE | 4.2 | 4.2
  • SAP DATA SERVICES 4.2 | SP012 | 000010
  • SAP DATA SERVICES 4.2 | SP013 | 000004
  • SAP DATA SERVICES 4.2 | SP014 | 000004

Affected component

    EIM-DS-DEP
    Deployment, Installation, Upgrade

CVSS

Score: 9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2982840

TAGS

#CVE-2019-0230
#&160-CVE-2019-0233
#&160-SAP-Data-Services
#&160-Remote-Code-Execution
#&160-Denial-of-Service

More to explorer

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,