Information Security


Multiple security vulnerabilities in SAP applications
Updated since August 4, 2014
Published: December 22, 2014
Source:
SecurityVulns ID: 13902
Type: remote
Severity: 7/10
Description: Unauthorized access, cross-site scripting, backdoor account, authentication bypass, unencrypted password transmission.
CVE: CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and Compliance (GRC) allow remote authenticated users to gain privileges and execute arbitrary programs via a crafted (1) RFC or (2) SOAP-RFC request.)
Original text:
 Onapsis Research Labs, [Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA (22.12.2014)
 ESNC Security, [ESNC-2039348] Multiple Critical Security Vulnerabilities in SAP Governance, Risk and Compliance (SAP GRC) (01.12.2014)
 Alexandre Herzog, SAP Security Note 1908531 - XXE in BusinessObjects Explorer (14.10.2014)
 Alexandre Herzog, SAP Security Note 1908647 - Cross Site Flashing in BusinessObjects Explorer (14.10.2014)
 Alexandre Herzog, SAP Security Note 1908562 - Port scanning in BusinessObjects Explorer (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-032] SAP BusinessObjects Persistent Cross Site Scripting (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-029] SAP Business Objects Information Disclosure (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-030] SAP Business Objects Denial of Service via CORBA (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-031] SAP Business Objects Information Disclosure via CORBA (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-027] SAP HANA Multiple Reflected Cross Site Scripting Vulnerabilities (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-028] SAP HANA Web-based Development Workbench Code Injection (14.10.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-026] Missing authorization check in function modules of BW-SYS-DB-DB4 (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-025] Multiple Cross Site Scripting Vulnerabilities in SAP HANA XS Administration Tool (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-024] Hard-coded Username in SAP FI Manager Self-Service (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-023] HTTP verb tampering issue in SAP_JTECHS (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-022] SAP HANA IU5 SDK Authentication Bypass (04.08.2014)
 Onapsis Research Labs, [Onapsis Security Advisory 2014-021] SAP HANA XS Missing encryption in form-based authentication (04.08.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod