HackDig : Dig high-quality web security articles for hackers

[Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption

2015-09-22 19:00
Hash: SHA1

Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption

1. Impact on Business

By exploiting this vulnerability an unauthenticated attacker could read or
any business-relevant information from the Business Intelligence Platform
and also
render the system unavailable to other users.

Risk Level: High

2. Advisory Information

* Public Release Date: 09/22/2015
* Last Revised: 09/22/2015
* Security Advisory ID: ONAPSIS-2015-013
* Onapsis SVS ID: ONAPSIS-00105
* CVE: N/A
* Researcher: Will Vandevanter
* Vendor Provided CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:C)
* Onapsis CVSS v2: 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C)
* Onapsis CVSS v3: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

3. Vulnerability Information
* Vendor: SAP AG
* Affected Components:
* BussinessObjects Edge 4.0
* BussinessObjects BI Platform 4.1
* BOXI 3.1 R3

* Vulnerability Class: Buffer Copy without Checking Size of Input (CWE-120)
* Remotely Exploitable: Yes
* Locally Exploitable: No
* Authentication Required: No
* Original Advisory:

4. Affected Components Description

Business Objects is part of the Business Intelligence platform from SAP.
It has components that provide performance management, planning, reporting,
query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact with
different platform services.

5. Vulnerability Details

A mishandling of a malformed GIOP packet causes the remote listener to
crash while reading from invalid memory.

6. Solution

Implement SAP Security Note 2001108.

7. Report Timeline

12/23/2013: Onapsis provides vulnerability information to SAP AG.
12/24/2013: SAP AG confirms reception of vulnerability report.
01/14/2014: SAP reports fix is In Process.
05/12/2015: SAP releases SAP Security Note 2001108 fixing the vulnerability.
09/22/2015: Onapsis Releases Security Advisory.

About Onapsis Research Labs
Onapsis Research Labs provides the industry analysis of key security issues
that impact business-critical
systems and applications. Delivering frequent and timely security and
compliance advisories with associated
risk levels, Onapsis Research Labs combine in-depth knowledge and
experience to deliver technical and
business-context with sound security judgment to the broader information
security community.

About Onapsis, Inc.

Onapsis gives organizations the adaptive advantage to succeed in securing
business-critical applications
by combining technology, research and analytics. Onapsis enables every
security and compliance team an
adaptive approach to focus on the factors that matter most to their
business– critical applications
that house vital data and run business processes including SAP Business
Suite, SAP HANA and SAP Mobile deployments.

Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Onapsis Research Team


Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 18/peS/5102/erusolcsidlluf/gro.stsilces

Read:2641 | Comments:0 | Tags:No Tag

“[Onapsis Security Advisory 2015-013] SAP Business Objects Memory Corruption”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)