|
Brought to you by:
Suppliers of:
|
|
|
| |
| SAP Web Application Server (SAP WAS) is "a platform for efficient development and implementation Web applications. SAP Web Application Server is a crucial component of mySAP Technology platform". Multiple vulnerabilities have been discovered in SAP Web Application server. |
| |
Credit:
The information has been provided by Nicob.
|
| |
Vulnerable Systems:
* SAP Web AS version 6.40 before patch 136
* SAP Web AS version 7.00 before patch 66
The following vulnerabilities were found in the monitoring functionality of the SAP Web Application Server :
* A remote file disclosure vulnerability allows reading any file to which the user that the SAP Web Application Server is running as had access. Under Windows, the service runs by default under the SAPServiceJ2E account. This account is member of the local administrator group.
* A remote denial of service allows crashing the enserver.exe process.
* A local privilege escalation vulnerability allows any local user to use the file disclosure vulnerability to access an user-controlled process via a named pipe and impersonate as user SAPServiceJ2E. The exploitation is possible only on Windows 2000 pre-SP4, Windows XP pre-SP2 and Windows NT.
Technical details will be released three months after publication of this pre-advisory. This was agreed upon with SAP to allow their clients to upgrade affected software prior to the technical knowledge been publicly available.
Workarounds:
Vulnerability #1 : Restrict network access to TCP port 3200+SYSNR
Vulnerability #2 : Restrict network access to TCP port 3200+SYSNR
Vulnerability #3 : Disable local access to the server
Solution:
Apply patch 136 for version 6.40 or patch 66 for version 7.00
Note : the mentioned patch level refers to the enqueue server More details can be found in SAP notes 948457 and 959877
|
|
|
|
|
