zdt | Pablo Artuso | 1337DAY-ID-25345
Oct 05, 2016 - 12:00 a.m.

SAP Netweaver 7.40 SP 12 SCTC_REFRESH_CHECK_ENV Command Injection Vulnerability

2016-10-05 00:00:00
Pablo Artuso
0day.today

EPSS: 0.005 (Low), percentile 76.8%

Exploit for windows platform in category remote exploits

Onapsis Security Advisory ONAPSIS-2016-042: SAP OS Command Injection in SCTC_REFRESH_CHECK_ENV

1. Impact on Business
=====================
By exploiting this vulnerability, an authenticated user will be able to take full control of the system.

Risk Level: Critical

2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-042
- Onapsis SVS ID: ONAPSIS-00251
- CVE: CVE-2016-7435
- Researcher: Pablo Artuso
- Vendor Provided CVSS v3: 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H)
- Onapsis CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP Netweaver 7.40 SP 12
- Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Original Advisory: https://www.onapsis.com/research/security-advisories/sap-os-command-injection-sctcrefreshcheckenv

4. Affected Components Description
==================================
SAP NetWeaver is the SAP technological integration platform, on top of which enterprise and business solutions are developed and run.
In particular, SCTC is a subpackage of SAP_BASIS which holds technical configurations.

5. Vulnerability Details
========================
The SCTC_REFRESH_CHECK_ENV function doesn't correctly sanitize variables used when executing the CALL 'SYSTEM' statement, allowing an attacker with particular privileges to execute arbitrary OS commands.
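
Added example (not part of the advisory, and not SAP or Onapsis code): a Python audit for your own ABAP sources that finds CALL 'SYSTEM' statements and flags those whose COMMAND field is a variable rather than a fixed literal, which is the pattern described above. The ABAP sample and every name in it (z_demo_check_env, iv_path, lv_cmd, lt_out) are constructed for illustration.

```python
import re

# Constructed ABAP sample (hypothetical; NOT SAP's source for SCTC_REFRESH_CHECK_ENV).
SAMPLE_ABAP = """\
FUNCTION z_demo_check_env.
* iv_path is an importing parameter, i.e. caller-controlled
  CONCATENATE 'ls -l' iv_path INTO lv_cmd SEPARATED BY space.
  CALL 'SYSTEM' ID 'COMMAND' FIELD lv_cmd
                ID 'TAB'     FIELD lt_out-*sys*.
  CALL 'SYSTEM' ID 'COMMAND' FIELD 'df -k .' ID 'TAB' FIELD lt_out-*sys*. "fixed
ENDFUNCTION.
"""

CALL_SYSTEM = re.compile(r"^CALL\s+'SYSTEM'", re.I)
COMMAND_FIELD = re.compile(r"ID\s+'COMMAND'\s+FIELD\s+('(?:[^']|'')*'|`[^`]*`|\S+)", re.I)

def statements(source):
    """Yield (first_line, text) per ABAP statement, with comments stripped."""
    buf, start, quote = [], None, None
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.startswith("*"):            # '*' in column 1: full-line comment
            continue
        for ch in line:
            if quote:                       # inside a literal: '.' and '"' are data
                buf.append(ch)
                quote = None if ch == quote else quote
            elif ch == '"':                 # inline comment runs to end of line
                break
            elif ch == ".":                 # statement terminator
                text = "".join(buf).strip()
                if text:
                    yield start, text
                buf, start = [], None
            else:
                quote = ch if ch in "'`" else None
                start = lineno if start is None and not ch.isspace() else start
                buf.append(ch)
        buf.append(" ")                     # a line break separates tokens

def audit(source):
    """Return (line, kind, operand) for every CALL 'SYSTEM' statement."""
    findings = []
    for line, stmt in statements(source):
        if CALL_SYSTEM.match(stmt):
            operand = m.group(1) if (m := COMMAND_FIELD.search(stmt)) else None
            kind = ("unparsed" if operand is None else
                    "literal" if operand[0] in "'`" else "dynamic")
            findings.append((line, kind, operand))
    return findings
```

A "dynamic" finding is a review candidate, not proof of a flaw: trace how the operand is built and whether any caller-supplied value reaches it unvalidated.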

6. Solution
===========
Implement SAP Security Note 2260344.

7. Report Timeline
==================
- 11/26/2015: Onapsis provides vulnerability information to SAP AG.
- 11/27/2015: SAP AG confirms reception of vulnerability report.
- 01/12/2016: SAP reports fix is In Process.
- 03/08/2016: SAP releases SAP Security Note 2260344 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.

#  0day.today [2018-01-01]  #
