SAP HANA Log Injection

2015.05.28
Credit: onapsis
Risk: Low
Local: No
Remote: Yes
CWE: CWE-117


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security AdvisoryONAPSIS-2015-007: SAP HANA Log Injection Vulnerability 1. Impact on Business ===================== Under certain conditions the SAP HANA XS engine is vulnerable to arbitrary log injection, allowing remote authenticated attackers to write arbitrary information in log files. This could be used to corrupt log files or add fake content misleading an administrator. Risk Level: Medium 2. Advisory Information ======================= - - Public Release Date: 2015-05-27 - - Subscriber Notification Date: 2015-05-27 - - Last Revised: 2015-05-27 - - Security Advisory ID: ONAPSIS-2015-007 - - Onapsis SVS ID: ONAPSIS-00140 - - CVE: CVE-2015-3994 - - Researcher: Fernando Russ, Nahuel D. Snchez - - Initial Base CVSS v2: 4.0 (AV:N/AC:L/Au:S/C:N/I:P/A:N) 3. Vulnerability Information ============================ - - Vendor: SAP A.G. - - Affected Components: SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) - - Vulnerability Class: Improper Output Neutralization for Logs (CWE-117) - - Remotely Exploitable: Yes - - Locally Exploitable: No - - Authentication Required: Yes - - Original Advisory: http://www.onapsis.com/research/security-advisories/SAP-HANA-log-injection-vulnerability-in-extended-application-services 4. Affected Components Description ================================== SAP HANA is a platform for real-time business. It combines database, data processing, and application platform capabilities in-memory. The platform provides libraries for predictive, planning, text processing, spatial, and business analytics. 5. Vulnerability Details ======================== Under certain conditions a remote authenticated attacker can inject log lines performing specially crafted HTTP requests to the vulnerable SAP HANA XS Engine. The vulnerable application is ?grant.xsfunc?, located under: /testApps/grantAccess/grant.xscfunc 6. Solution =========== Implement SAP Security Note 2109818 7. Report Timeline ================== 2014-10-03: Onapsis provides vulnerability information to SAP AG. 2014-11-07: Onapsis provides additional information about the vulnerability to SAP AG. 2015-01-26: Onapsis provides additional information about the vulnerability to SAP AG. 2015-02-10: SAP AG publishes security note 2109818 which fixes the problem. 2015-05-27: Onapsis publishes security advisory. Organizations depend on Onapsis because of our ability to provide reliable expertise and solutions for securing business essentials About Onapsis Research Labs =========================== Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) Comment: Onapsis Research Team iEYEARECAAYFAlVmDLIACgkQz3i6WNVBcDUR4ACeK/opClwvxRdiTBODTGzuNT3T mfQAoMb54pvOSeCMqeMjKokdsN/i8GNL =JXst -----END PGP SIGNATURE-----

References:

http://www.onapsis.com/research/security-advisories/SAP-HANA-log-injection-vulnerability-in-extended-application-services


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top