Leandro Meiners

**Name of the Vulnerable Software and Affected Versions** SAP with Informix versions prior to 700, and 700 up to patch 100 **Description** The issue is related to an unspecified vulnerability in the handling of "insecure environment variable" by the sapdba command, allowing local users to execute arbitrary commands. **Recommendations** For versions prior to 700, apply patch 100 or later to resolve the issue. For version 700 up to patch 100, apply patch 100 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP Web Application Server (WAS) versions 6.10 through 7.00 **Description** The issue concerns an HTTP response splitting vulnerability. It allows remote attackers to inject arbitrary HTML headers via the `sap-exiturl` parameter in the frameset.htm file. **Recommendations** For SAP Web Application Server (WAS) versions 6.10 through 7.00, consider restricting access to the frameset.htm file until a patch is available. Avoid using the `sap-exiturl` parameter in the affected file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP Web Application Server (WAS) versions 6.10 through 7.00 **Description** The issue allows remote attackers to log users out and redirect them to arbitrary web sites. This is achieved via a close command in the `sap-sessioncmd` parameter and a URL in the `sap-exiturl` parameter in the frameset.htm file of the BSP runtime. **Recommendations** For SAP Web Application Server (WAS) versions 6.10 through 7.00, consider restricting access to the `sap-sessioncmd` and `sap-exiturl` parameters to minimize the risk of exploitation. Avoid using the `sap-sessioncmd` parameter with a close command and the `sap-exiturl` parameter with an arbitrary URL in the frameset.htm file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP Web Application Server versions 6.10 through 7.00 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the `sap-syscmd` in `sap-syscmd` and the `BspApplication` field in the SYSTEM PUBLIC test application. **Recommendations** For SAP Web Application Server versions 6.10 through 7.00, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Web Application Server (WAS) version 6.10 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via Error Pages. This could potentially lead to unauthorized actions on the web application. **Recommendations** For SAP Web Application Server (WAS) version 6.10, update the Error Pages configuration to prevent the injection of arbitrary web script or HTML. Consider implementing input validation and output encoding to mitigate the risk of XSS attacks.

**Name of the Vulnerable Software and Affected Versions** Lotus Domino versions R5 and R6 **Description** The issue allows remote attackers to obtain sensitive information by reading the HTML source. This includes the password hash in the `HTTPPassword` field, the password change date in the `HTTPPasswordChangeDate` field, the client platform in the `ClntPltfrm` field, the client machine name in the `ClntMachine` field, and the client Lotus Domino release in the `ClntBld` field. This occurs when "Generate HTML for all fields" is enabled in Lotus Domino R5 and R6 WebMail. **Recommendations** For Lotus Domino versions R5 and R6, disable the "Generate HTML for all fields" option to prevent sensitive data from being stored in hidden form fields.