Vulnerability CVE-2015-2282


Published: 2015-06-02

Description:
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
SAP ERPScan XXE Injection / XSS / Missing Authorization
Darya Maenkova
23.05.2015

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: SAP
Product: Maxdb 
Version: 7.6; 7.5;
Product: Rfc library 
Product: Netweaver rfc sdk 
Product: GUI 
Product: Netweaver java application server 
Product: Netweaver abap application server 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://packetstormsecurity.com/files/131883/SAP-LZC-LZH-Compression-Denial-Of-Service.html
http://seclists.org/fulldisclosure/2015/May/50
http://seclists.org/fulldisclosure/2015/May/96
http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities
http://www.securityfocus.com/archive/1/535535/100/0/threaded
http://www.securityfocus.com/bid/74643

Related CVE
CVE-2019-0301
Under certain conditions, it is possible to request the modification of role or privilege assignments through SAP Identity Management REST Interface Version 2, which would otherwise be restricted only for viewing.
CVE-2019-0298
SAP E-Commerce (Business-to-Consumer) application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP...
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 200...
CVE-2019-0291
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0289
Under certain conditions SAP BusinessObjects Business Intelligence platform (Analysis for OLAP), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0287
Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, allows an attacker to access information which would otherwise be restricted.
CVE-2019-0280
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalati...
CVE-2019-0285
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.

Copyright 2019, cxsecurity.com

 

Back to Top