VARIoT IoT vulnerabilities database
| VAR-201610-0275 | CVE-2016-6424 | Cisco Adaptive Security Appliance Software DHCP relay implementation denial of service (DoS) vulnerability |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
The DHCP Relay implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4.7.29 and 9.1.7.4 allows remote attackers to cause a denial of service (interface wedge) via a crafted rate of DHCP packet transmission, aka Bug ID CSCuy66942. Cisco ASA Software is prone to a remote denial-of-service vulnerability.
An attacker who can send DHCP packets through the relay at a sufficient rate can wedge the affected interface so that it stops processing traffic; the device may also reload. Either outcome denies service to legitimate users.
This issue is being tracked by Cisco Bug ID CSCuy66942.
Cisco ASA is a firewall platform that provides features such as secure access to data and network resources.
| VAR-201610-0276 | CVE-2016-6425 | Cisco Unified Intelligence Center, as used in Unified Contact Center Express, cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652. The vendor has confirmed the vulnerability and tracks it as Bug IDs CSCuy75020 and CSCuy81652. A third party can inject arbitrary web script or HTML through a crafted URL.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Unified CCX is the contact-center component of Cisco's unified communications solution; CUIC is a web-based reporting platform.
| VAR-201610-0278 | CVE-2016-6427 | Cisco Unified Intelligence Center, as used in Unified Contact Center Express, cross-site request forgery vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. The vendor has confirmed the vulnerability and tracks it as Bug IDs CSCuy75036 and CSCuy81654. A third party may be able to hijack the authentication of any user.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Unified CCX is the contact-center component of Cisco's unified communications solution; CUIC is a web-based reporting platform.
| VAR-201610-0279 | CVE-2016-6428 | Cisco IOS XR arbitrary OS command execution as root vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. Cisco IOS XR is the network operating system used on Cisco's carrier-grade routers; it is distinct from classic Cisco IOS, which runs on most Cisco routers and switches.
This issue is being tracked by Cisco Bug ID CSCva38349.
| VAR-201610-0282 | CVE-2016-6433 | Cisco Firepower Management Center Threat Management Console arbitrary command execution vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
The Threat Management Console in Cisco Firepower Management Center 5.2.0 through 6.0.1 allows remote authenticated users to execute arbitrary commands via crafted web-application parameters, aka Bug ID CSCva30872.
An attacker can exploit this issue to execute arbitrary commands within the context of the affected application.
This issue is tracked by Cisco Bug ID CSCva30872.
| VAR-201610-0422 | CVE-2016-7020 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. Supplementary information: the vulnerability type has been identified as CWE-416, Use After Free (http://cwe.mitre.org/data/definitions/416.html). An attacker could execute arbitrary code; failed exploit attempts will likely result in denial-of-service conditions. Adobe Flash Player enables viewing of applications, content and video across screens and browsers.
| VAR-201610-0668 | CVE-2014-5415 | Beckhoff Embedded PC images and Automation Device Specification (ADS) TwinCAT components unauthorized access vulnerability |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. Beckhoff Embedded PCs are industrial controllers mounted in the control cabinet and configured for the task at hand; the ADS TwinCAT components are Beckhoff's PC-based real-time control software. Images before 2014-10-22 and the ADS TwinCAT components are affected. Multiple Beckhoff products are prone to multiple security-bypass vulnerabilities.
Successfully exploiting these issues may allow attackers to perform unauthorized actions, which may lead to other attacks.
| VAR-201610-0667 | CVE-2014-5414 | Beckhoff Embedded PC images and Automation Device Specification (ADS) TwinCAT components brute-force access vulnerability |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. Supplementary information: the vulnerability type has been identified as CWE-254, Security Features (http://cwe.mitre.org/data/definitions/254.html). A third party may gain access through a brute-force attack. Beckhoff Embedded PCs are industrial controllers mounted in the control cabinet and configured for the task at hand. A remote attacker can exploit the vulnerability to gain access by mounting a brute-force attack. Multiple Beckhoff products are prone to multiple security-bypass vulnerabilities.
Successfully exploiting these issues may allow attackers to perform unauthorized actions, which may lead to other attacks.
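As an added illustration (not Beckhoff code) of the control whose absence CVE-2014-5414 describes, the following models a login service with and without an attempt limit and runs the same dictionary attack against both. The account, the password list, the source address and the lockout parameters are constructed for the example; the lockout doubles on every failure past the threshold rather than locking the account permanently, so the limit cannot itself be turned into a denial of service against the legitimate user.

```python
import hmac
import time

# Constructed sample account and candidate list; nothing here is Beckhoff data.
USERS = {"Administrator": "plc2016"}
WORDLIST = ["admin", "password", "123456", "Administrator", "beckhoff",
            "twincat", "operator", "plc2016", "welcome1"]


class FakeClock:
    """Deterministic clock so the backoff can be shown without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class LoginService:
    """Password check with per-(source, user) failure counting.

    After max_failures consecutive failures the pair is locked out for
    base_delay seconds, doubling on every further failure. max_failures=None
    reproduces the unthrottled behaviour the entry above describes.
    """
    def __init__(self, users, max_failures=5, base_delay=30.0, clock=time.monotonic):
        self.users = users
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.clock = clock
        self.failures = {}        # (source, user) -> (count, locked_until)
        self.checked = 0          # password comparisons actually performed

    def login(self, source, user, password):
        key = (source, user)
        count, locked_until = self.failures.get(key, (0, 0.0))
        now = self.clock()
        if now < locked_until:
            return "locked"       # refused before any comparison is made
        self.checked += 1
        expected = self.users.get(user, "")   # compare even for unknown users
        if user in self.users and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures.pop(key, None)
            return "ok"
        count += 1
        lock_for = 0.0
        if self.max_failures is not None and count >= self.max_failures:
            lock_for = self.base_delay * 2 ** (count - self.max_failures)
        self.failures[key] = (count, now + lock_for)
        return "denied"


def brute_force(service, source, user, wordlist):
    """Single-pass dictionary attack; returns the password that worked, if any."""
    for candidate in wordlist:
        if service.login(source, user, candidate) == "ok":
            return candidate
    return None


def compare():
    """Run the same attack against an unthrottled and a throttled service."""
    clock = FakeClock()
    open_svc = LoginService(USERS, max_failures=None, clock=clock)
    throttled = LoginService(USERS, max_failures=5, clock=clock)
    found_open = brute_force(open_svc, "10.0.0.99", "Administrator", WORDLIST)
    found_throttled = brute_force(throttled, "10.0.0.99", "Administrator", WORDLIST)
    return {
        "open": (found_open, open_svc.checked),
        "throttled": (found_throttled, throttled.checked),
        "lockout_seconds": throttled.failures[("10.0.0.99", "Administrator")][1] - clock(),
    }


def lockout_growth(n_extra=3):
    """Lockout length seen by an attacker who waits out each lockout and retries."""
    clock = FakeClock()
    svc = LoginService(USERS, max_failures=5, clock=clock)
    key = ("10.0.0.99", "Administrator")
    for _ in range(5):
        svc.login(*key, "wrong")
    waits = []
    for _ in range(n_extra):
        waits.append(svc.failures[key][1] - clock())
        clock.now = svc.failures[key][1]      # attacker waits for the lockout to expire
        svc.login(*key, "wrong")
    return waits


if __name__ == "__main__":
    print(compare())
    print("lockout seconds after each further failure:", lockout_growth())
```

The unthrottled service gives the password away after eight guesses; the throttled one performs five comparisons and then refuses to look at the rest. Keying the counter on (source, user) is what a single-host attacker sees; an attacker spread over many source addresses evades it, so a real deployment also caps failures per account and logs the refusals.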
| VAR-201610-0204 | CVE-2016-8343 | INDAS Web SCADA Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Directory traversal vulnerability in INDAS Web SCADA before 3 allows remote attackers to read arbitrary files via unspecified vectors. INDAS Web SCADA is a web-based SCADA system from INDAS, Serbia. It is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input; the files an attacker can read may aid in further attacks.
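The entry says only that user-supplied input is not sanitized. The check below, an added example and not INDAS code, shows what a web file handler has to do to close a traversal of this kind: percent-decode, reject ".." segments, and confirm that the resolved path is still under the document root. The document root and the probe paths are constructed for the demonstration.

```python
import os
from urllib.parse import unquote

# Hypothetical document root for the demonstration; not a real INDAS path.
DOC_ROOT = "/srv/webscada/www"


def resolve_request_path(request_path, doc_root=DOC_ROOT):
    """Map an HTTP request path onto the filesystem, or return None.

    Rejects the inputs a traversal probe relies on: NUL bytes, '..' segments
    (after percent-decoding twice, so %2e%2e and %252e%252e are both caught,
    and after treating backslash as a separator), and any result that does
    not land inside doc_root after symlink resolution.
    """
    decoded = unquote(unquote(request_path)).replace("\\", "/")
    if "\x00" in decoded:
        return None
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    root = os.path.realpath(doc_root)
    full = os.path.realpath(os.path.join(root, *segments)) if segments else root
    # Containment check as a second line of defence: even with '..' rejected,
    # a symlink below doc_root could otherwise point outside it.
    if full != root and not full.startswith(root + os.sep):
        return None
    return full


# Constructed probe set: (request path, whether a file handler should serve it)
PROBES = [
    ("/hmi/overview.htm", True),
    ("/hmi/./overview.htm", True),
    ("/../../etc/passwd", False),
    ("/%2e%2e/%2e%2e/etc/passwd", False),
    ("/%252e%252e/etc/passwd", False),
    ("/hmi/..%5c..%5cwindows/win.ini", False),
    ("/hmi/overview.htm%00.png", False),
]


def run_probes(probes=PROBES):
    """Return the probes whose outcome differs from the expected one."""
    return [(p, exp) for p, exp in probes
            if (resolve_request_path(p) is not None) != exp]


if __name__ == "__main__":
    for path, _ in PROBES:
        print(f"{path!r:36} -> {resolve_request_path(path)}")
    print("mismatches:", run_probes())
```

The order of operations matters: decoding before splitting is what makes the encoded variants fail the same ".." test as the plain one, and the final containment test is kept even though it looks redundant, because it is the only check that still holds if a later change lets some other separator or alias through.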
| VAR-201610-0160 | CVE-2016-5084 | Animas OneTouch Ping insulin pump contains multiple vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. The attacker cannot obtain personally identifiable information. JVNVU#95089754 classifies this as CWE-319, Cleartext Transmission of Sensitive Information (https://cwe.mitre.org/data/definitions/319.html): a third party that intercepts the communication may obtain sensitive information. Animas OneTouch Ping is prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. Multiple security-bypass vulnerabilities
3. A Spoofing vulnerability
An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform certain unauthorized actions, and insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is an insulin pump with a remote glucose meter, made by Animas (a Johnson & Johnson company, United States) for insulin-dependent diabetic patients. The flaw stems from the device not encrypting its data.
| VAR-201610-0188 | CVE-2016-6645 | EMC Unisphere for VMAX Virtual Appliance and Solutions Enabler Virtual Appliance Vulnerable to arbitrary code execution |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote authenticated users to execute arbitrary code via crafted input to the (1) GeneralCmdRequest, (2) PersistantDataRequest, or (3) GetCommandExecRequest class. EMC Unisphere for VMAX Virtual Appliance and Solutions Enabler Virtual Appliance are products of EMC, United States: the former is a management appliance for the VMAX storage series, and the latter is a virtual appliance for the Solutions Enabler application. The vApp Managers web application is one of their web management interfaces; the 8.x releases before 8.3.0 are affected. EMC vApp Manager is prone to multiple arbitrary command-execution vulnerabilities.
Exploiting these issues could allow an attacker to execute arbitrary commands in the context of the affected application with root privileges.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ESA-2016-121: EMC Unisphere for VMAX and Solutions Enabler Virtual Appliances Multiple Vulnerabilities
EMC Identifier: ESA-2016-121
CVE Identifier: CVE-2016-6645, CVE-2016-6646
Severity Rating: CVSS v3 Base Score: See below for individual CVEs.
Details:
Unauthenticated Command Execution (CVE-2016-6646)
The vApp Managers web application is vulnerable to unauthenticated remote code execution. The vApp Manager runs on port 5480 and has a Flash based user interface that uses the AMF protocol to communicate with the server.
CVSS v3 Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Authenticated Command Execution (CVE-2016-6645)
The vApp Managers web application is vulnerable to authenticated remote code execution. The vApp Manager runs on port 5480 and has a Flash based user interface that uses the AMF protocol to communicate with the server.
CVSS v3 Base Score: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Resolution:
The following products contain the resolution to these vulnerabilities:
EMC Unisphere for VMAX Virtual Appliance version 8.3.0
EMC Solutions Enabler Virtual Appliance version 8.3.0
EMC recommends all affected customers upgrade at the earliest opportunity.
Link to remedies:
Customers can download the software from:
https://support.emc.com/downloads/27045_Unisphere-for-VMAX
https://support.emc.com/downloads/2071_Solutions-Enabler
Credit:
EMC would like to thank the following individuals for reporting these vulnerabilities:
Travis Emmert from Salesforce (CVE-2016-6646)
Michael Cramer from Digital Defense Inc. (CVE-2016-6645, CVE-2016-6646)
[The following is standard text included in all security advisories. Please do not change or delete.]
Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJX8qs6AAoJEHbcu+fsE81Zc64H/if2/hsiJwinP8ch2xwjkjXT
t+69UqJ0EXACR5Z6n7SssA+oJYfg1BAwOHvx1wDqnCwnMvvRn5nP51stpdtLi5Jp
qFrTV8KgczS2+H4WDLmzaTEJXlB2F9HAMesIQZXcpe25DkYIoAUt1WJ2TkC+N92E
Sim+oPMRKxwUMCw9gtg0qaCASLlIpxL4e/46ZC9HinMp3BcE3WfCi360Vg92KjOK
kQfAtmHabeveP/XICWUpfaA80E3lF5xVzZF9S5bxoRQTD/p2/PNaSorxJHxG7E7g
dldAGNQIJxR6I3/CokB3goK6pAADy9uVPANLiYhODUhKSPZnKtGyV40VKk/qtoo=
=QHaL
-----END PGP SIGNATURE-----
| VAR-201610-0189 | CVE-2016-6646 | EMC Unisphere for VMAX Virtual Appliance and Solutions Enabler Virtual Appliance Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The vApp Managers web application in EMC Unisphere for VMAX Virtual Appliance 8.x before 8.3.0 and Solutions Enabler Virtual Appliance 8.x before 8.3.0 allows remote attackers to execute arbitrary code via crafted input to the (1) GetSymmCmdRequest or (2) RemoteServiceHandler class. EMC vApp Manager is prone to multiple arbitrary command-execution vulnerabilities.
Exploiting these issues could allow an attacker to execute arbitrary commands in the context of the affected application with root privileges.
| VAR-201610-0162 | CVE-2016-5086 | Animas OneTouch Ping insulin pump contains multiple vulnerabilities |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. JVNVU#95089754 classifies this as CWE-294, Authentication Bypass by Capture-replay (https://cwe.mitre.org/data/definitions/294.html): a third party may bypass authentication with a replay attack. Animas OneTouch Ping is prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. Multiple security-bypass vulnerabilities
3. A Spoofing vulnerability
An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform certain unauthorized actions, and insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is an insulin pump with a remote glucose meter, made by Animas (a Johnson & Johnson company, United States) for insulin-dependent diabetic patients.
| VAR-201610-0161 | CVE-2016-5085 | Animas OneTouch Ping insulin pump contains multiple vulnerabilities |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Supplementary information: the vulnerability type has been identified as CWE-330, Use of Insufficiently Random Values (http://cwe.mitre.org/data/definitions/330.html). A third party who sniffs the communication and then performs an authentication handshake can impersonate the meter. Animas OneTouch Ping is prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. Multiple security-bypass vulnerabilities
3. A Spoofing vulnerability
An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform certain unauthorized actions, and insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is an insulin pump with a remote glucose meter, made by Animas (a Johnson & Johnson company, United States) for insulin-dependent diabetic patients. A remote attacker could exploit this vulnerability by sniffing the communication and then forging the meter's side of the handshake.
| VAR-201610-0059 | CVE-2016-5686 | Animas OneTouch Ping insulin pump contains multiple vulnerabilities |
CVSS V2: 9.3 CVSS V3: 9.8 Severity: CRITICAL |
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. JVNVU#95089754 classifies this as CWE-290, Authentication Bypass by Spoofing (https://cwe.mitre.org/data/definitions/290.html): a third party may bypass authentication through the custom communication protocol. Animas OneTouch Ping is prone to the following security vulnerabilities:
1. An information-disclosure vulnerability
2. Multiple security-bypass vulnerabilities
3. A Spoofing vulnerability
An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, perform certain unauthorized actions, and insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is an insulin pump with a remote glucose meter, made by Animas (a Johnson & Johnson company, United States) for insulin-dependent diabetic patients.
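The OneTouch Ping entries above (CVE-2016-5084, CVE-2016-5085, CVE-2016-5086) describe an unencrypted link, a predictable challenge, and replayable messages. The toy model below, an added example and not Animas or Johnson & Johnson code, puts those weaknesses side by side with a hardened handshake so the effect of each fix can be seen. The message framing, the key sizes, the HMAC-based authenticator, the PAIRING_KEY value, the boot seed and the "BOLUS" command strings are assumptions made for the demonstration; the real OneTouch Ping protocol is not described in these entries. The hardened variant adds only freshness and sequence checks; it does not add the encryption that CWE-319 calls for, and the acknowledgement handling behind CVE-2016-5686 is not modelled.

```python
import hashlib
import hmac
import random
import secrets

# Constructed shared secret standing in for whatever pairs a real meter and pump.
PAIRING_KEY = b"constructed-pairing-key-0001"


def tag(key, data):
    """Truncated HMAC-SHA256 used as the authenticator in both variants."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class WeakPump:
    """Model of the weak design: the challenge comes from a PRNG seeded with a
    constant at boot (CWE-330), and a command is accepted whenever its tag
    verifies, with nothing binding it to the session (CWE-294)."""
    def __init__(self, key=PAIRING_KEY, boot_seed=0x5EED):
        self.key, self.rng = key, random.Random(boot_seed)
        self.authenticated, self.delivered = False, []

    def challenge(self):
        return self.rng.getrandbits(32).to_bytes(4, "big")

    def authenticate(self, chal, response):
        self.authenticated = hmac.compare_digest(tag(self.key, chal), response)
        return self.authenticated

    def command(self, frame):
        cmd, mac = frame
        if self.authenticated and hmac.compare_digest(tag(self.key, cmd), mac):
            self.delivered.append(cmd)
            return True
        return False


class HardenedPump:
    """Fresh CSPRNG challenge, a session key bound to that challenge, and a
    strictly increasing sequence number under every command tag."""
    def __init__(self, key=PAIRING_KEY):
        self.key, self.session_key, self.last_seq = key, None, 0
        self.delivered, self._pending = [], None

    def challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def authenticate(self, chal, response):
        ok = (self._pending is not None and chal == self._pending
              and hmac.compare_digest(tag(self.key, chal), response))
        self._pending = None                   # one answer per challenge
        if ok:
            self.session_key = hmac.new(self.key, b"sess" + chal, hashlib.sha256).digest()
            self.last_seq = 0
        return ok

    def command(self, frame):
        seq, cmd, mac = frame
        if self.session_key is None or seq <= self.last_seq:
            return False                       # not authenticated, or a replay
        if not hmac.compare_digest(tag(self.session_key, seq.to_bytes(4, "big") + cmd), mac):
            return False
        self.last_seq = seq
        self.delivered.append(cmd)
        return True


def meter_session(pump, commands):
    """Legitimate meter against either pump; returns what an eavesdropper sees
    on the (cleartext) link: the challenge, the response and the command frames."""
    chal = pump.challenge()
    resp = tag(pump.key, chal)
    assert pump.authenticate(chal, resp)
    if isinstance(pump, WeakPump):
        frames = [(cmd, tag(pump.key, cmd)) for cmd in commands]
    else:
        skey = hmac.new(pump.key, b"sess" + chal, hashlib.sha256).digest()
        frames = [(seq, cmd, tag(skey, seq.to_bytes(4, "big") + cmd))
                  for seq, cmd in enumerate(commands, start=1)]
    for frame in frames:
        pump.command(frame)
    return chal, resp, frames


def attack(pump_cls):
    """Eavesdropper who never learns PAIRING_KEY: capture one session, replay a
    command frame, then after a pump reboot answer the new challenge with the
    captured response and push the captured command again."""
    pump = pump_cls()
    chal, resp, frames = meter_session(pump, [b"BOLUS 2.0"])
    replayed = pump.command(frames[0])
    rebooted = pump_cls()
    spoofed = rebooted.authenticate(rebooted.challenge(), resp)
    injected = rebooted.command(frames[0])
    return replayed, spoofed, injected, rebooted.delivered


if __name__ == "__main__":
    print("weak    :", attack(WeakPump))       # every step succeeds
    print("hardened:", attack(HardenedPump))   # every step is refused
```

Against WeakPump the sniffed frame is accepted a second time, the rebooted pump hands out the same challenge it did before, the old response satisfies it, and the captured bolus command is delivered without the attacker ever holding the key. Against HardenedPump the same three steps fail for three different reasons: the sequence number has already been used, the 128-bit challenge never repeats, and without a session key no command is accepted. Authenticating the command frames still leaves them readable on the air, which is the separate CWE-319 problem.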
| VAR-201610-0228 | CVE-2016-8101 | Intel SSD Toolbox updater subsystem privilege escalation vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
Attackers can exploit this issue to gain elevated privileges within the context of the operating system.
Intel SSD Toolbox 3.1.0 through 3.3.6 are vulnerable.
| VAR-201610-0227 | CVE-2016-8100 | Intel Integrated Performance Primitives Cryptography RSA private key disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in further attacks. Intel Integrated Performance Primitives (IPP) is a set of Intel software libraries for image, signal and data processing; IPP Cryptography is its cryptographic library.
| VAR-201610-0351 | CVE-2016-7435 | SAP NetWeaver SCTC subpackage arbitrary command execution vulnerability in multiple functions |
CVSS V2: 9.0 CVSS V3: 9.1 Severity: CRITICAL |
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. SAP NetWeaver is prone to multiple OS command-injection vulnerabilities because it fails to properly sanitize user-supplied input.
Attackers can exploit these issues to execute arbitrary OS commands in the context of the affected application.
Onapsis Security Advisory ONAPSIS-2016-044: SAP OS Command Injection in PREPARE_CHECK_CAPACITY
1. Impact on Business
=====================
By exploiting this vulnerability an authenticated user will be able to take full control of the system.
Risk Level: Critical
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-044
- Onapsis SVS ID: ONAPSIS-00250
- CVE: CVE-2016-7435
- Researcher: Pablo Artuso
- Vendor Provided CVSS v3: 9.0 (AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H)
- Onapsis CVSS v3: 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP Netweaver 7.40 SP 12
- Vulnerability Class: Improper Neutralization of Special Elements used in an OS Command (CWE-78)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: Yes
- Original Advisory: https://www.onapsis.com/research/security-advisories/sap-os-command-injection-preparecheckcapacity
4. Affected Components Description
==================================
SAP NetWeaver is the SAP technological integration platform, on top of which, enterprise and business solutions are developed and run.
In particular, SCTC is a subpackage of SAP_BASIS which holds technical configurations.
5.
6. Solution
===========
Implement SAP Security Note 2260344.
7. Report Timeline
==================
- 11/26/2015: Onapsis provides vulnerability information to SAP AG.
- 11/27/2015: SAP AG confirms reception of vulnerability report.
- 01/12/2016: SAP reports fix is In Process.
- 03/08/2016: SAP releases SAP Security Note 2260344 fixing the vulnerability.
- 09/22/2016: Onapsis Releases Security Advisory.
About Onapsis Research Labs
===========================
Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.
About Onapsis, Inc.
===================
Onapsis provides the most comprehensive solutions for securing SAP and Oracle enterprise applications. As the leading experts in SAP and Oracle cyber-security, Onapsis enables security and audit teams to have visibility, confidence and control of advanced threats, cyber-risks and compliance gaps affecting their enterprise applications.
Headquartered in Boston, Onapsis serves over 180 Global 2000 customers, including 10 top retailers, 20 top energy firms and 20 top manufacturers. Onapsis solutions are also the de-facto standard for leading consulting and audit firms such as Accenture, IBM, Deloitte, E&Y, KPMG and PwC.
Onapsis solutions include the Onapsis Security Platform, which is the most widely-used SAP-certified cyber-security solution in the market. Unlike generic security products, Onapsis context-aware solutions deliver both preventative vulnerability and compliance controls, as well as real-time detection and incident response capabilities to reduce risks affecting critical business processes and data. Through open interfaces, the platform can be integrated with leading SIEM, GRC and network security products, seamlessly incorporating enterprise applications into existing vulnerability, risk and incident response management programs.
These solutions are powered by the Onapsis Research Labs which continuously provide leading intelligence on security threats affecting SAP and Oracle enterprise applications. Experts of the Onapsis Research Labs were the first to lecture on SAP cyber-attacks and have uncovered and helped fix hundreds of security vulnerabilities to-date affecting SAP Business Suite, SAP HANA, SAP Cloud and SAP Mobile applications, as well as Oracle JD Edwards and Oracle E-Business Suite platforms.
For more information, please visit www.onapsis.com, or connect with us on Twitter, Google+, or LinkedIn.
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the system manager.
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. If you are not
the intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the contents of this
information is strictly prohibited
| VAR-201612-0152 | CVE-2016-8103 | Intel Branded NUC Kits System Management Mode access vulnerability |
CVSS V2: 6.8 CVSS V3: 6.7 Severity: MEDIUM |
An SMM call-out (a System Management Interrupt handler that executes code located outside SMRAM) in all Intel Branded NUC Kits allows a local privileged user to access System Management Mode and take full control of the platform. Intel Branded NUC Kits are a series of mini-computer kits from Intel Corporation of the United States. The vulnerability lies in the BIOS firmware of the Intel Branded NUC Kits.
| VAR-201610-0311 | CVE-2016-4551 | SAP NetWeaver SAP_BASIS and SAP_ABA components Security Audit Log IP address spoofing vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. The vendor has confirmed the vulnerability and released it as SAP Security Note 2190621. Supplementary information: the vulnerability type has been identified as CWE-284, Improper Access Control.
Attackers can exploit this issue to bypass security restrictions and perform unauthorized actions; this may aid in launching further attacks.
1. Impact on Business
=====================
By exploiting this vulnerability an attacker could tamper with the audit logs, hiding their tracks after an attack on an SAP system.
Risk Level: High
2. Advisory Information
=======================
- Public Release Date: 09/22/2016
- Last Revised: 09/22/2016
- Security Advisory ID: ONAPSIS-2016-036
- Onapsis SVS ID: ONAPSIS-00144
- CVE: CVE-2016-4551
- Researcher: Sergio Abraham
- Vendor Provided CVSS v2: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
- Onapsis CVSS v2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
3. Vulnerability Information
============================
- Vendor: SAP AG
- Affected Components: SAP NetWeaver 2004s
SAP_BASIS 7.00 SP Level 0031 SAPKB70031
SAP_ABA 7.00 SP level 0031 SAPKA70031
- Vulnerability Class: Insufficient Logging (CWE-778)
- Remotely Exploitable: Yes
- Locally Exploitable: No
- Authentication Required: No
- Original Advisory: https://www.onapsis.com/research/security-advisories/sap-security-audit-log-invalid-address-logging
4.
5.
6.
7. Report Timeline
==================
- 11/07/2014: Onapsis provides vulnerability information to SAP AG.
- 09/22/2016: Onapsis Releases Security Advisory.