OSVDB ID: 78536

Title: SAP NetWeaver Resource Access Control Handling Runtime Workbench Access Restriction Bypass

Info

Disclosure

Jan 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

SAP NetWeaver contains a flaw in the implementation of access controls. The issue is due to an error within the handling of access controls of Runtime Workbench resources, which may allow a remote attacker to bypass access restrictions.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, SAP has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

SAP AG

Netweaver

Unspecified

References

Secunia Advisory ID: 47701
Related OSVDB ID: 78537 78538 78539 78540
Other Advisory URL: http://dsecrg.com/pages/vul/show.php?id=408
http://erpscan.com/advisories/dsecrg-12-008-sap-netweaver-rwb-anouthorised-acess/
Vendor URL: http://www.sap.com/
Vendor Specific Advisory URL: https://service.sap.com/sap/support/notes/1567389

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/78536