Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

SMB credential reflection in SAP JEE telnet admin console, SAP security note 1425847

Description

Once connected to the JEE telnet administration console a specific command can be executed causing a SMB credential reflection vulnerability.

Attacker can use this vulnerability to replay the user’s credentials back to them and e.g. execute code in the context of the logged-on user.

Available fix and Supported packages

  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 6.40 | 6.40
  • SAP-JEECOR | 7.01 | 7.02
  • SERVERCORE | 7.10 | 7.10
  • SERVERCORE | 7.11 | 7.11
  • SERVERCORE | 7.20 | 7.20
  • SERVERCORE | 7.30 | 7.30
  • J2EE ENGINE SERVERCORE 7.10 | SP008 | 000019
  • J2EE ENGINE SERVERCORE 7.10 | SP009 | 000009
  • J2EE ENGINE SERVERCORE 7.10 | SP010 | 000000
  • J2EE ENGINE SERVERCORE 7.11 | SP003 | 000019
  • J2EE ENGINE SERVERCORE 7.11 | SP004 | 000005
  • J2EE ENGINE SERVERCORE 7.11 | SP005 | 000000
  • J2EE ENGINE SERVERCORE 7.20 | SP001 | 000007
  • J2EE ENGINE SERVERCORE 7.20 | SP002 | 000002
  • J2EE ENGINE SERVERCORE 7.20 | SP003 | 000000
  • SAP J2EE ENGINE CORE 6.40 | SP024 | 000006
  • SAP J2EE ENGINE CORE 6.40 | SP026 | 000000
  • SAP J2EE ENGINE CORE 7.00 | SP019 | 000019
  • SAP J2EE ENGINE CORE 7.00 | SP020 | 000015
  • SAP J2EE ENGINE CORE 7.00 | SP021 | 000003
  • SAP J2EE ENGINE CORE 7.00 | SP022 | 000000
  • SAP J2EE ENGINE CORE 7.01 | SP004 | 000016
  • SAP J2EE ENGINE CORE 7.01 | SP005 | 000016
  • SAP J2EE ENGINE CORE 7.01 | SP006 | 000001
  • SAP J2EE ENGINE CORE 7.01 | SP007 | 000000
  • SAP J2EE ENGINE CORE 7.02 | SP003 | 000001
  • SAP J2EE ENGINE CORE 7.02 | SP004 | 000000

Affected component

    BC-JAS-ADM-ADM
    Administration

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1425847

TAGS

#SMB-Relay-attack-LM-NTLM-credential-reflection

More to explorer