| Check Point Reference: |
CPAI-2006-059 |
| Date Published: |
6 Jun 2006 |
| Severity: |
Medium
|
| Last Updated: |
Monday 07 May, 2007 |
| Source: |
CYBSEC |
| Industry Reference: | CVE-2006-0732
CVE-2006-0731 |
| Protection Provided by: |
|
| Who is Vulnerable? | SAP SAP Business Connector 4.6
SAP SAP Business Connector 4.7
SAP Business Connector (BC) Core Fix 7 and prior |
| Vulnerability Description |
SAP Business Connector (SAP BC) is B2B application that enables communication between SAP applications (like SAP R/3) and non-SAP applications. Several vulnerabilities have been reported in the SAP BC that can allow for Phishing scams against the SAP BC administrator, disclosure of sensitive information on the server and compromise of the server. |
| Update/Patch Avaliable | The vendor has reportedly released fixes for the vulnerabilities. See SAP note 906401 and 908349 for details. |
| Vulnerability Details | Several vulnerabilities affect SAP Business Connector:
1. The vulnerability is due to an input validation error in file "adapter-index.dsp" that does not properly validate the user-provided input to the "url" parameter. When a SAP BC administrator will click such a link, the attacker's web-page will be loaded inside an HTML frame. Successful exploitation of this vulnerability would result in Phishing scams against the target user.
2. The vulnerability is due to insufficient sanitization of the 'fullName' parameter that is used to view the various log files created by SAP BC. This issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port. |
Feedback