SB2019021223 - Multiple vulnerabilities in SAP products

Published: February 12, 2019 Updated: February 18, 2019

Security Bulletin ID: SB2019021223
Severity: High
Patch available: YES
Number of vulnerabilities: 14
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 7%
Medium: 7%
Low: 86%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2019-0266)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified flaw. A remote attacker can gain unauthorized access to sensitive information on the system.


2) Authentication bypass (CVE-ID: CVE-2019-0261)

The vulnerability allows a remote attacker to bypass authentication.

The weakness exists due to missing authentication check. A remote attacker can bypass authentication and perform unauthorized actions.

3) XXE attack (CVE-ID: CVE-2019-0265)

The vulnerability allows a remote high-privileged attacker to conduct an XXE attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing an XML file. A remote attacker can submit a specially crafted input and obtain potentially sensitive information or cause the service to crash.
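The defensive counterpart to the flaw described above is a parser that never resolves external entities. The following is an added example, not code from the advisory or from any SAP product: it uses Python's standard-library xml.sax parser, refuses any document carrying a DOCTYPE up front, and additionally disables external general and parameter entity resolution so that an entity reference expands to nothing even if a DTD slips through. The two sample documents, the placeholder URI in the entity declaration, and the function names parse_hardened, has_doctype and is_rejected are constructed for this example.

```python
"""Added example: refuse DTDs and disable external entity resolution before parsing."""
import io
import re
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed sample documents for this example (not taken from the advisory).
BENIGN_XML = b"<order><id>42</id><note>hello</note></order>"
# Same shape, but with a DOCTYPE declaring an external entity that points at a
# placeholder URI; this is the pattern an XXE check must catch.
XXE_XML = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///constructed/placeholder.txt">]>\n'
    b"<order><id>42</id><note>&ext;</note></order>"
)

_DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)


class _Collector(ContentHandler):
    """Records element names and character data so the caller can inspect the result."""

    def __init__(self):
        super().__init__()
        self.elements = []
        self.text = []

    def startElement(self, name, attrs):
        self.elements.append(name)

    def characters(self, content):
        self.text.append(content)


def has_doctype(data: bytes) -> bool:
    """Cheap pre-parse check: application XML rarely needs a DTD, so a DOCTYPE is a red flag."""
    return _DOCTYPE_RE.search(data) is not None


def parse_hardened(data: bytes, reject_doctype: bool = True) -> dict:
    """Parse `data` with external entity resolution disabled.

    With reject_doctype=True (the recommended setting) any document carrying a
    DOCTYPE is refused with ValueError. With reject_doctype=False the parser
    still never fetches external entities: a reference to one expands to nothing.
    """
    if reject_doctype and has_doctype(data):
        raise ValueError("DOCTYPE declarations are not accepted")
    parser = xml.sax.make_parser()
    # Belt and braces: even if a DTD is present, do not resolve external entities.
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)
    handler = _Collector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return {"elements": handler.elements, "text": "".join(handler.text)}


def is_rejected(data: bytes) -> bool:
    """True when the hardened parser refuses the document."""
    try:
        parse_hardened(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("benign:", parse_hardened(BENIGN_XML))
    print("xxe rejected:", is_rejected(XXE_XML))
    print("xxe with entities disabled only:", parse_hardened(XXE_XML, reject_doctype=False))
```

Rejecting the DOCTYPE outright is the simpler policy and is what most application endpoints can afford; the feature flags are the fallback for services that must accept DTDs for legitimate reasons.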


4) Authorization bypass (CVE-ID: CVE-2019-0258)

The vulnerability allows a remote low-privileged attacker to bypass authorization.

The weakness exists due to missing authentication check. A remote attacker can bypass authorization and perform unauthorized actions.

5) Security restrictions bypass (CVE-ID: CVE-2019-0255)

The vulnerability allows a remote low-privileged attacker to bypass security restrictions.

The weakness exists because the ABAP Platform provides access to the Easy Access Menu. A remote attacker can bypass security restrictions and perform unauthorized actions.

6) Cross-site scripting (CVE-ID: CVE-2019-0254)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


7) Cross-site scripting (CVE-ID: CVE-2019-0251)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


8) Unrestricted file upload (CVE-ID: CVE-2019-0259)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to unrestricted file upload. A remote attacker can supply specially crafted input, trick the victim into processing it and bypass security restrictions to conduct further attacks.


9) Cross-site request forgery (CVE-ID: CVE-2019-0267)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
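The check the advisory describes as missing is validation of the request's origin. The following is an added example in Python, not code from the advisory or any SAP product, of a server-side decision function: safe methods pass, the Origin header is authoritative for everything else, Referer is the fallback, and a state-changing request with neither header is refused. The site origin, the header samples and the names request_origin_allowed and normalize_origin are constructed for this example.

```python
"""Added example: validate the origin of a state-changing request against the site's own origin."""
from typing import Dict, Optional
from urllib.parse import urlsplit

# Constructed: the origin the application is served from.
SITE_ORIGIN = "https://app.example.com"
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})


def normalize_origin(url: str) -> Optional[str]:
    """Reduce a URL or Origin value to scheme://host[:port], dropping default ports.

    Returns None for anything that is not an http(s) URL, including the literal
    "null" origin that browsers send for sandboxed or opaque contexts.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    if port is None or (parts.scheme, port) in (("https", 443), ("http", 80)):
        return f"{parts.scheme}://{parts.hostname}"
    return f"{parts.scheme}://{parts.hostname}:{port}"


def request_origin_allowed(method: str, headers: Dict[str, str],
                           site_origin: str = SITE_ORIGIN) -> bool:
    """Decide whether a request may change state, based on Origin/Referer.

    Safe methods pass; for everything else the Origin header is authoritative,
    Referer is the fallback, and a request carrying neither is refused (fail closed).
    """
    if method.upper() in SAFE_METHODS:
        return True
    expected = normalize_origin(site_origin)
    lowered = {k.lower(): v for k, v in headers.items()}
    if "origin" in lowered:
        return normalize_origin(lowered["origin"]) == expected
    if "referer" in lowered:
        return normalize_origin(lowered["referer"]) == expected
    return False


if __name__ == "__main__":
    # Constructed sample requests: (method, headers) pairs as a server would see them.
    samples = [
        ("GET", {}),
        ("POST", {"Origin": "https://app.example.com"}),
        ("POST", {"Origin": "null"}),
        ("POST", {"Referer": "https://app.example.com.evil.example.net/form"}),
        ("POST", {}),
    ]
    for method, headers in samples:
        print(method, headers, "->", "allow" if request_origin_allowed(method, headers) else "deny")
```

Comparing normalized origins rather than doing a prefix match on the Referer string is what defeats look-alike hosts such as app.example.com.evil.example.net. Origin checking complements anti-CSRF tokens rather than replacing them.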


10) Information disclosure (CVE-ID: CVE-2019-0256)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified flaw. A remote attacker can gain unauthorized access to sensitive information on the system.


11) Authorization bypass (CVE-ID: CVE-2019-0257)

The vulnerability allows a remote attacker to bypass authorization.

The vulnerability exists due to missing authentication. A remote attacker can bypass authorization to conduct further attacks.


12) Cross-site scripting (CVE-ID: CVE-2019-0262)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


13) Man-in-the-middle attack (CVE-ID: CVE-2018-8039)

The vulnerability allows a remote authenticated attacker to conduct a man-in-the-middle attack on the target system.

The weakness exists due to improper verification of TLS hostnames when used with the 'com.sun.net.ssl' implementation. A remote attacker can conduct a man-in-the-middle attack and bypass the hostname verification.

14) Path traversal (CVE-ID: CVE-2018-1002204)

The vulnerability allows a remote attacker to conduct a directory traversal attack on the target system.

The vulnerability exists in the extractDir() function of QuaZIP due to improper validation of files inside an archive file. A remote unauthenticated attacker can trick the victim into extracting an archive file that contains a file using directory traversal characters, and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: This vulnerability is also known as 'Zip-Slip'.
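The check an extraction routine needs against Zip-Slip is to resolve every entry name against the destination directory and refuse any that lands outside it. The following is an added example in Python, not code from QuaZIP, SAP or the advisory: it builds a small in-memory archive with one benign entry and two entries that try to escape (a "../" name and an absolute name), then extracts only entries that stay inside the destination. It writes entries itself rather than relying on zipfile.extract(), which already sanitizes names, so the containment check stays visible. The archive contents and the names build_sample_archive, entry_is_contained, safe_extract and demo are constructed for this example.

```python
"""Added example: extract a ZIP archive while refusing entries that resolve outside the destination."""
import io
import os
import shutil
import tempfile
import zipfile
from typing import Dict, List


def build_sample_archive() -> bytes:
    """Construct an in-memory archive with one benign entry and two entries that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("../escaped.txt", "must never land outside the destination\n")
        zf.writestr("/abs/path.txt", "absolute entry name\n")
    return buf.getvalue()


def entry_is_contained(dest_real: str, name: str) -> bool:
    """True only when `name`, joined to the (already resolved) destination, still resolves inside it."""
    # Absolute names and backslash separators are refused outright; legitimate
    # archives use relative names with forward slashes.
    if os.path.isabs(name) or "\\" in name:
        return False
    target = os.path.realpath(os.path.join(dest_real, name))
    try:
        return os.path.commonpath([dest_real, target]) == dest_real
    except ValueError:  # e.g. different drives on Windows
        return False


def safe_extract(zip_bytes: bytes, dest: str) -> Dict[str, List[str]]:
    """Extract entries into `dest`, returning which were written and which were rejected."""
    dest_real = os.path.realpath(dest)
    result: Dict[str, List[str]] = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not entry_is_contained(dest_real, name):
                result["rejected"].append(name)
                continue
            target = os.path.join(dest_real, name)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    shutil.copyfileobj(src, dst)
            result["extracted"].append(name)
    return result


def demo() -> Dict[str, object]:
    """Run the extraction in a throwaway directory and report what landed where."""
    with tempfile.TemporaryDirectory() as work:
        dest = os.path.join(work, "out")
        os.makedirs(dest)
        outcome = safe_extract(build_sample_archive(), dest)
        with open(os.path.join(dest, "docs", "readme.txt"), encoding="utf-8") as fh:
            readme = fh.read()
        # The "../" entry would have been written here, one level above dest.
        escaped_written = os.path.exists(os.path.join(work, "escaped.txt"))
    return {
        "extracted": outcome["extracted"],
        "rejected": outcome["rejected"],
        "readme": readme,
        "escaped_written": escaped_written,
    }


if __name__ == "__main__":
    print(demo())
```

Resolving with realpath before the comparison matters: a plain string prefix check on the unresolved path is fooled by "out/../" sequences and by symlinks already present under the destination.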


Remediation

Install the update from the vendor's website.