Fabian Hagg

**Name of the Vulnerable Software and Affected Versions** SAP Cloud Connector version 2.0 **Description** The issue is related to improper validation of certificates in SAP Cloud Connector, allowing an attacker to impersonate genuine servers and break mutual authentication. This can lead to the interception of requests, potentially allowing the viewing or modification of sensitive information. The vulnerability affects the confidentiality and integrity of protected information, but there is no impact on system availability. **Recommendations** For SAP Cloud Connector version 2.0, update the software to a version that properly validates certificates, ensuring mutual authentication is maintained to prevent impersonation attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Host Agent (SAPOSCOL) version 7.22 SAP BusinessObjects Business Intelligence Platform versions 420, 430 **Description** The issue allows an attacker to escalate privileges for themselves by utilizing files created by saposcol under certain conditions. This may lead to a high impact on confidentiality, as sensitive information could be exposed to unauthorized actors over the network with high privileges. **Recommendations** For SAP Host Agent (SAPOSCOL) version 7.22, consider restricting access to files created by saposcol to prevent privilege escalation. For SAP BusinessObjects Business Intelligence Platform versions 420, 430, restrict access to sensitive information to minimize the risk of exposure to unauthorized actors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver and ABAP Platform versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP ROUTER 7.53, 7.22 **Description** The issue is related to errors in authorization in the saprouttab file, which can allow an unauthenticated attacker to execute SAProuter administration commands remotely. This could highly impact system availability, for example, by stopping the SAProuter. **Recommendations** For versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, consider restricting access to the saprouttab file to prevent unauthorized modifications. For versions KRNL64NUC 7.49, KRNL64UC 7.49, review the configuration of the route permission table to ensure proper authorization. For versions SAP ROUTER 7.53, 7.22, limit remote access to SAProuter administration commands to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP (Reconciliation Framework) versions 700 through 75F Description: A function module in the Reconciliation Framework of SAP NetWeaver AS ABAP allows a high-privileged attacker to inject code that can be executed by the application. This could lead to the deletion of critical information and potentially make the SAP system completely unavailable. Recommendations: For versions 700 through 75F, consider temporarily restricting access to the vulnerable function module until a patch is available. As a mitigation measure, limit the privileges of users who can interact with this module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755 **Description** The issue is related to the function module `SRM RFC SUBMIT REPORT` which fails to validate authorization of an authenticated user, thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. **Recommendations** For SAP NetWeaver AS ABAP and ABAP Platform versions 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, consider disabling the `SRM RFC SUBMIT REPORT` function module as a temporary workaround until a patch is available. Restrict access to the `SRM RFC SUBMIT REPORT` function module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BW Database Interface (affected versions not specified) **Description** The issue is related to the BW Database Interface not performing necessary authorization checks for an authenticated user. This results in an escalation of privileges, allowing the user to read out any database table. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Business Warehouse versions 700 through 750, 782 SAP BW/4HANA versions 100 through 200 **Description** The issue allows a low-privileged attacker to inject code using a remote-enabled function module over the network. This can lead to the creation of a malicious ABAP report, which can be used to access sensitive data, inject malicious UPDATE statements that could impact the operating system, or disrupt the functionality of the SAP system, potentially leading to a Denial of Service. **Recommendations** For SAP Business Warehouse versions 700 through 750, 782, update to a version that includes the fix for this issue. For SAP BW/4HANA versions 100 through 200, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP BW Database Interface (affected versions not specified) **Description** The issue allows an attacker with low privileges to execute crafted database queries, exposing the backend database. This is due to the database executing SQL commands without properly sanitizing untrusted data, leading to a SQL injection issue that can fully compromise the affected SAP system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP AS ABAP (SAP Landscape Transformation) versions 2011 1 620 through 2020 SAP S4 HANA (SAP Landscape Transformation) versions 101 through 105 **Description** The issue allows a high privileged user to execute a RFC function module to which access should be restricted. Due to missing authorization, an attacker can get access to some sensitive internal information of the vulnerable SAP system or make the vulnerable SAP systems completely unavailable. **Recommendations** For SAP AS ABAP (SAP Landscape Transformation) versions 2011 1 620 through 2020, restrict access to the RFC function module to minimize the risk of exploitation. For SAP S4 HANA (SAP Landscape Transformation) versions 101 through 105, restrict access to the RFC function module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.