Vahagn Vardanyan

**Nome do software vulnerável e versões afetadas** Versões da Eclipse Web Tools Platform anteriores à 3.18 (2020-06) **Descrição** A vulnerabilidade permite que arquivos XML e DTD que fazem referência a entidades externas sejam explorados, enviando o conteúdo de arquivos locais para um servidor remoto quando editados ou validados. Isso pode ocorrer mesmo quando a resolução de entidades externas estiver desativada nas preferências do usuário. **Recomendações** Para versões da Eclipse Web Tools Platform anteriores à 3.18 (2020-06), considere atualizar para uma versão posterior à 3.18 (2020-06) para resolver o problema. Como solução temporária, restrinja a edição e a validação de arquivos XML e DTD que se referem a entidades externas para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** JD Edwards EnterpriseOne Tools versão 9.2 **Descrição** O problema está relacionado a um controle de acesso inadequado no componente Monitoramento e Diagnóstico do JD Edwards EnterpriseOne Tools, permitindo que um invasor não autenticado com acesso à rede via HTTP comprometa o sistema. Ataques bem-sucedidos podem resultar na tomada de controle do JD Edwards EnterpriseOne Tools. **Recomendações** Para a versão 9.2, considere restringir o acesso ao componente Monitoramento e Diagnóstico até que um patch esteja disponível. Como solução alternativa temporária, considere desativar o uso do protocolo HTTP para o componente afetado, a fim de minimizar o risco de exploração. Evite usar o componente afetado para operações críticas até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise PT PeopleTools versions 8.54 through 8.56 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially resulting in a takeover. The attacker can exploit this issue easily. **Recommendations** For versions 8.54 through 8.56, update to a version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver JAVA AS 7.4 **Description** The issue is related to an XML external entity (XXE) vulnerability in the UDDI component, which is caused by incorrect restriction of XML links to external objects. This can be exploited by a remote attacker to cause a denial of service (system hang) by sending a crafted XML request. The API endpoint `/uddi/api/replication` is specifically vulnerable to this type of attack. **Recommendations** For SAP NetWeaver JAVA AS 7.4, consider disabling the UDDI component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to the `/uddi/api/replication` API endpoint to minimize the risk of a denial of service attack.

**Name of the Vulnerable Software and Affected Versions** SAP Manufacturing Integration and Intelligence versions 15 **Description** The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the `title` parameter to the "webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication" API endpoint. **Recommendations** For version 15, update to a version that includes the fix for SAP Security Note 2201295 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS Java versions 7.1 through 7.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `navigationTarget` parameter to the "/irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester" API endpoint. **Recommendations** For SAP NetWeaver AS Java versions 7.1 through 7.5, consider restricting access to the vulnerable API endpoint until a fix is available. Avoid using the `navigationTarget` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Java AS versions 7.1 through 7.5 **Description** The issue allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to the "http:// tc~monitoring~webservice~web/ServerNodesWSService" API endpoint. **Recommendations** For SAP NetWeaver Java AS versions 7.1 through 7.5, apply the fix provided in SAP Security Note 2235994 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Java AS versions 7.1 through 7.5 **Description** The issue allows remote attackers to obtain sensitive user information by exploiting the chat feature in the Real-Time Collaboration (RTC) services. This can be done by visiting the "/webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd chat/Chat#" endpoint, pressing "Add users", and then performing a search. **Recommendations** For SAP NetWeaver Java AS versions 7.1 through 7.5, consider restricting access to the chat feature in the Real-Time Collaboration (RTC) services until a fix is available. As a temporary workaround, avoid using the search function in the chat feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS JAVA version 7.4 **Description** The issue is related to insufficient access control in the Universal Worklist Configuration component of SAP NetWeaver, allowing remote attackers to obtain sensitive user information via a crafted HTTP request. **Recommendations** For SAP NetWeaver AS JAVA version 7.4, apply the fix as described in SAP Security Note 2256846 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver J2EE Engine version 7.40 **Description** The issue is related to a SQL injection vulnerability in the UDDI server of the SAP NetWeaver J2EE Engine. This vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is due to the lack of protection measures for the SQL query structure, which can be exploited by a remote attacker to execute arbitrary SQL commands. **Recommendations** For SAP NetWeaver J2EE Engine version 7.40, apply the fix as described in SAP Security Note 2101079 to resolve the SQL injection vulnerability. As a temporary workaround, consider restricting access to the UDDI server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `ns` or `interface` parameter to "ProxyServer/register". The vulnerability exists due to the lack of protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary web or HTML code. **Recommendations** For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2220571 to resolve the issue. As a temporary workaround, consider restricting access to the ProxyServer/register endpoint to minimize the risk of exploitation. Avoid using the `ns` and `interface` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue in the User Management Engine (UME) of SAP NetWeaver allows attackers to decrypt unspecified data. **Recommendations** For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2191290 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to the Runtime Workbench (RWB) and the Pmitest servlet in the Process Monitoring Infrastructure (PMI). **Recommendations** For SAP NetWeaver version 7.4, apply the fixes as described in SAP Security Notes to address the XSS vulnerabilities in the Runtime Workbench and the Pmitest servlet.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS Java versions 7.1 through 7.5 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot backslash) in the `fileName` parameter to "CrashFileDownloadServlet". This is due to a directory traversal vulnerability. The vulnerability can be exploited by sending a specially crafted malicious GET request to the "/XXX/CrashFileDownloadServlet" endpoint with the `fileName` parameter set to "..". **Recommendations** For SAP NetWeaver AS Java versions 7.1 through 7.5, consider disabling the CrashFileDownloadServlet until a patch is available. Restrict access to the CrashFileDownloadServlet endpoint to minimize the risk of exploitation. Avoid using the `fileName` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver J2EE Engine version 7.40 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the BP FIND JOBS WITH PROGRAM function module. **Recommendations** For SAP NetWeaver J2EE Engine version 7.40, consider restricting access to the BP FIND JOBS WITH PROGRAM function module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAP Mobile Platform 3 **Description** The issue is related to an XML external entity (XXE) vulnerability, which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request. This is due to incorrect restriction of XML external entity references. The vulnerability can be exploited by a remote attacker using a specially crafted XML request, potentially allowing them to read arbitrary files. **Recommendations** For SAP Mobile Platform 3, consider restricting or disabling the processing of external XML entities to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using XML requests that could potentially trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Afaria (affected versions not specified) SAP Mobile Platform version 2.3 **Description** The issue allows a remote attacker to inject arbitrary JavaScript code by sending a specially crafted request to the Xcomms network service. Additionally, there is an XML external entity (XXE) vulnerability in the application import functionality, which enables remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data. **Recommendations** For SAP Afaria, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SAP Mobile Platform version 2.3, consider restricting the application import functionality to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAP Afaria version 7.0.6001.5 **Description** The issue is related to the XcListener in SAP Afaria, which does not properly restrict access. This allows remote attackers to have an unspecified impact via a crafted request. **Recommendations** For SAP Afaria version 7.0.6001.5, consider restricting access to the XcListener to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Sybase SQL Anywhere versions 11 and 16 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, via a crafted request. **Recommendations** For SAP Sybase SQL Anywhere versions 11 and 16, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Portal version 7.31.201109172004 **Description** The issue allows remote attackers to send requests to intranet servers via crafted XML, exploiting an XML external entity (XXE) vulnerability in the XMLValidationComponent. **Recommendations** For SAP NetWeaver Portal version 7.31.201109172004, apply the fix as described in SAP Security Note 2093966 to resolve the issue.