0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection Vulnerability
Author
Risk
[
Security Risk High
]0day-ID
Category
Date add
CVE
Platform
Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV 1. Impact on Business ===================== By exploiting this vulnerability an authenticated user will be able to take full control of the system. Risk Level: Critical 2. Advisory Information ======================= - Public Release Date: 09/22/2016 - Last Revised: 09/22/2016 - Security Advisory ID: ONAPSIS-2016-042 - Onapsis SVS ID: ONAPSIS-00251 - CVE: CVE-2016-7435 - Researcher: Pablo Artuso - Vendor Provided CVSS v3: 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H) - Onapsis CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H) 3. Vulnerability Information ============================ - Vendor: SAP AG - Affected Components: SAP Netweaver 7.40 SP 12 - Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78) - Remotely Exploitable: Yes - Locally Exploitable: No - Authentication Required: Yes - Original Advisory: https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv 4. Affected Components Description ================================== SAP NetWeaver is the SAP technological integration platform, on top of which, enterprise and business solutions are developed and run. In particular, SCTC is a subpackage of SAP_BASIS which holds technical configurations. 5. Vulnerability Details ======================== The SCTC_REFRESH_CHECK_ENV function doesn't correctly sanitize variables used when executing CALL 'SYSTEM' statement, allowing an attacker, with particular privileges, to execute any arbitrary OS command. 6. Solution =========== Implement SAP Security Note 2260344. 7. Report Timeline ================== - 11/26/2015: Onapsis provides vulnerability information to SAP AG. - 11/27/2015: SAP AG confirms reception of vulnerability report. - 01/12/2016: SAP reports fix is In Process. - 03/08/2016: SAP releases SAP Security Note 2260344 fixing the vulnerability. - 09/22/2016: Onapsis Releases Security Advisory. # 0day.today [2024-12-24] #