Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Critical bug in SAP TREX affects SAP HANA and other applications

SAP has issued a security patch for the SAP TREX search engine that addresses also a two-years old critical vulnerability. SAP has issued a security patch for the SAP TREX search engine that addresses multiple vulnerabilities discovered by the experts in a 2015 patch released in December 2015. The SAP TREX search engine is used […]

Critical bug in SAP TREX affects SAP HANA and other applications

SAP has issued a security patch for the SAP TREX search engine that addresses also a two-years old critical vulnerability.

SAP has issued a security patch for the SAP TREX search engine that addresses multiple vulnerabilities discovered by the experts in a 2015 patch released in December 2015.

The SAP TREX search engine is used by many SAP products, including SAP HANA and itsNetWeaver application and integration platform.

“SAP, the largest enterprise software maker, closed a critical vulnerability affecting SAP’s search engine TREX. The issue stayed exposed almost 2 years.” reads a blog post published by the company ERPScan that discovered the flaw. “The vulnerable component is included in the old SAP NetWeaver platform as well as in the new SAP HANA one, which makes it one of the most widespread and severe SAP server-side issues so far with CVSS score 9.4 out of 10. The vulnerability was identified by specialists at ERPScan,” “If exploited, the vulnerability would allow a remote attacker to get full control over the server without authorization.”

SAP was affected by a critical code injection vulnerability (SAP Security Note 2419592) that he company addressed with the 2015 patch, unfortunately the problem was not completely solved.

SAP TREX

Mathieu Geli from ERPScan discovered that the TREXNet communication protocol implemented in the SAP TREX search engine did not implement an authentication mechanism.

“Originally, the vulnerability was discovered in SAP HANA in 2015 and the corresponding SAP Security Note (2234226) was released in December 2015. The issue was dubbed a potential technical information disclosure and fixed by removing some critical functions.” continues the post. “Later on, Mathieu Geli from ERPScan conducted a further research and revealed that the vulnerability was still exploitable. He found out that TREXNet, an internal communication protocol used by TREX, did not provide an authentication procedure. “

The expert made a reverse engineering of a protocol for HANA and then for the SAP TREX search engine. Both share a common protocol, for this reason the exploit could be easily adapted. He highlighted that SAP fixed just some features related to the core protocol.

“I reversed a protocol for HANA and then for the TREX search engine. As they share a common protocol, the exploit has been easily adapted. SAP fixed some features, but not everything affecting the core protocol. It was still possible to get full control on the server even with a patched TREX.” explained the expert.

The vulnerability, tracked as CVE-2017-7691, could be exploited by an attacker to read or create operating system files by sending a crafted request to TREXNet ports.

The flaw was fized along with other bugs in SAP’s April security release.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  SAP TREX search engine, hacking)