Vulnerabilities affecting SAP HANA and SAP Trex put 10,000 customers at risk
Onapsis released new security advisories detailing vulnerabilities in SAP HANA and SAP Trex. Included in the advisories is a critical risk vulnerability that could be used to gain high privileges, allowing unrestricted access to business information, and to modify arbitrary database information.
These vulnerabilities pose a potential risk to over 10,000 SAP customers running different versions of SAP HANA.
“This set of advisories is unique as most of the vulnerabilities attackers can leverage are undervalued. Meaning, the way in which they can be exploited is not always obvious and can go undetected. For example, one of the critical vulnerabilities that can be exploited creates an error message which includes sensitive information about its environment, users, or associated data,” said Sebastian Bortnik, Head of Research, Onapsis.
SAP HANA, at the heart of SAP’s cloud offerings, is the next-generation database and application platform. It includes capabilities to transform transactions, analytics, text analysis, predictive and spatial processing so businesses can operate in real-time. Depending on an organization’s use of these platforms, “critical risk” vulnerabilities could be used by cyber attackers to gain access to mission-critical information including customer data, product pricing, financial statements, employee information, supply chains, business intelligence, budgeting, planning and forecasting.
Vulnerabilities affecting SAP HANA
Critical risk
- SAP HANA SYSTEM User Brute Force Attack: By exploiting this vulnerability, a remote unauthenticated attacker could receive high privileges on the HANA system with unrestricted access to any business information.
High risk
- SAP HANA Arbitrary Audit Injection via HTTP Requests: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system.
- SAP HANA Arbitrary Audit Injection via SQL Protocol: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system.
- SAP HANA Potential Remote Code Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
- SAP TREX Remote Code Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
Vulnerabilities affecting SAP TREX
Critical risk
- SAP TREX Remote Command Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.
High risk
- SAP TREX Arbitrary File Write: By exploiting this vulnerability an unauthenticated attacker could modify any information indexed by the SAP system.
- SAP TREX Remote Directory Traversal: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.
- SAP TREX Remote File Read: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.