
SAP Security Notes fix SAP POS flaw potentially affecting 500 billion installations


SAP has released its Security Notes for July 2017, which include 23 patches; the most severe is an SAP POS flaw that affects about 500 billion installs.

SAP has released its Security Notes for July, which include 23 patches, the majority of them rated medium.

The most severe issue is a high-risk DoS vulnerability that affects SAP Point of Sale, a solution that has 500 billion installs, many of them used by retail companies from the Forbes Global 2000 list.

“On 11th of July 2017, SAP Security Patch Day saw the release of 10 security notes. Additionally, there were 2 updates to previously released security notes.” reads the advisory published by SAP.

“The high priority security note 2476601 released today addresses technical issues in SAP Point of Sale (POS) Retail Xpress Server with potential disclosure at upcoming security conferences. Therefore, we wish to remind you to apply all SAP Security Notes on a priority.”

SAP POS FLAW

Experts at security firm ERPScan found multiple missing authorization checks on the server side of SAP POS Suite. The flaws can be exploited by a remote unauthenticated attacker to:

  • read/delete/write sensitive information;
  • shut down a vulnerable application;
  • monitor content displayed on a receipt window of a POS.

“11 of all the Notes were released after the second Tuesday of the previous month and before the second Tuesday of this month. 5 of all the Notes are updates to previously released Security Notes.” states the analysis published by ERPScan.

“4 of the released SAP Security Notes have a High priority rating. The highest CVSS score of the vulnerabilities is 8.1.”

Below are the details of the SAP vulnerability identified by the experts at the ERPScan team.

  • Multiple missing authorization check vulnerabilities in SAP Point of Sale (PoS) (CVSS Base Score: 8.1). An update is available in SAP Security Note 2476601. An attacker can use a missing authorization check vulnerability to access a service without any authorization procedure and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.
  • A missing authorization check vulnerability in SAP Host Agent (CVSS Base Score: 7.5). An update is available in SAP Security Note 2442993. An attacker can use a missing authorization check vulnerability to access a service without any authorization procedure and use service functionality that has restricted access. This can lead to information disclosure, privilege escalation, and other attacks.
  • Multiple vulnerabilities (cross-site scripting and cross-site request forgery) in SAP CRM Internet Sales Administration Console (CVSS Base Score: 6.1). An update is available in SAP Security Note 2478964. An attacker can exploit a cross-site scripting vulnerability to inject a malicious script into a page. The malicious script can access cookies, session tokens and other critical information stored and used for interaction with a web application. An attacker can gain access to the user's session and learn business-critical information; in some cases, it is possible to get control over this information. XSS can also be used to modify displayed content without authorization. Moreover, an attacker can use a cross-site request forgery vulnerability to exploit an authenticated user's session by causing the user to make a request containing a certain URL and specific parameters; the function is then executed with the authenticated user's rights.
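To make the two vulnerability classes above concrete from a defender's point of view, the following is an added, constructed Python model of a generic server-side request dispatcher. It is not code from SAP, ERPScan or the SAP POS product, and the operation names, roles and `Session`/`Request` types are assumptions made for the illustration. The vulnerable dispatcher runs any known operation regardless of who asks, which is what a missing authorization check amounts to; the hardened dispatcher requires an authenticated session, enforces a role check, and for state-changing operations additionally requires a CSRF token bound to that session, so a forged cross-site request cannot ride an authenticated user's session.

```python
"""Constructed model: missing authorization check and missing CSRF check
in a request dispatcher, next to the hardened version of the same code.
All names here (operations, roles, Session, Request) are illustrative."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Constructed operation table: name -> (minimum role required, changes server state?)
OPERATIONS = {
    "read_receipt": ("operator", False),
    "write_config": ("admin", True),
    "shutdown": ("admin", True),
}

# Higher rank means more privilege; used for the role check below.
ROLE_RANK = {"operator": 1, "admin": 2}


@dataclass
class Session:
    """An authenticated session; the CSRF token is generated per session."""
    user: str
    role: str
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    """An incoming request. session=None models an unauthenticated caller."""
    operation: str
    session: Optional[Session] = None
    csrf_token: Optional[str] = None
    params: dict = field(default_factory=dict)


def vulnerable_dispatch(req: Request):
    """Looks the operation up and executes it without checking the caller.

    This is the shape of a missing authorization check: an unauthenticated
    remote caller can reach restricted functionality such as 'shutdown'."""
    if req.operation not in OPERATIONS:
        return (404, "unknown operation")
    return (200, f"executed {req.operation}")


def hardened_dispatch(req: Request):
    """Authenticate, authorize by role, then require a session-bound CSRF
    token for any operation that changes server state."""
    if req.operation not in OPERATIONS:
        return (404, "unknown operation")
    required_role, changes_state = OPERATIONS[req.operation]

    # Authentication: no session, no service.
    if req.session is None:
        return (401, "authentication required")

    # Authorization: the session's role must meet the operation's minimum.
    if ROLE_RANK.get(req.session.role, 0) < ROLE_RANK[required_role]:
        return (403, "insufficient privileges")

    # CSRF defence: state-changing requests must carry the token issued to
    # this session. A cross-site forged request cannot know it. Constant-time
    # comparison avoids leaking the token through timing differences.
    if changes_state:
        supplied = req.csrf_token or ""
        if not hmac.compare_digest(supplied, req.session.csrf_token):
            return (403, "missing or invalid CSRF token")

    return (200, f"executed {req.operation}")


if __name__ == "__main__":
    anonymous = Request("shutdown")
    admin = Session(user="boss", role="admin")
    print("vulnerable, anonymous shutdown:", vulnerable_dispatch(anonymous))
    print("hardened, anonymous shutdown:  ", hardened_dispatch(anonymous))
    print("hardened, admin without token: ", hardened_dispatch(Request("shutdown", session=admin)))
    print("hardened, admin with token:    ",
          hardened_dispatch(Request("shutdown", session=admin, csrf_token=admin.csrf_token)))
```

The point of the comparison is that the fix is not in the operation implementations but in the dispatch path in front of them: every restricted function must be reachable only after authentication and a role check, and every state-changing function must also verify a per-session token, which is exactly what the patched SAP components are described as having lacked.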

The most dangerous flaws in the SAP Security Notes July 2017 are:

  • 2453640: SAP Governance, Risk and Compliance Access Controls (GRC) has a Code injection vulnerability (CVSS Base Score: 6.5).
  • 2409262: SAP BI Promotion Management Application has an XML external entity vulnerability (CVSS Base Score: 6.1).
  • 2398144: SAP Business Objects Titan has an XML external entity vulnerability (CVSS Base Score: 5.4).

ERPScan did not publish any technical detail to avoid public exploitation of the flaws in the wild.

SAP customers are advised to install the patches as soon as possible.


Pierluigi Paganini 

(Security Affairs – SAP POS, hacking)
