Vahagn Vardanyan

**Name of the Vulnerable Software and Affected Versions** Eclipse Web Tools Platform versions prior to 3.18 (2020-06) **Description** The issue allows XML and DTD files referring to external entities to be exploited, sending the contents of local files to a remote server when edited or validated. This can occur even when external entity resolution is disabled in the user preferences. **Recommendations** For Eclipse Web Tools Platform versions prior to 3.18 (2020-06), consider updating to a version newer than 3.18 (2020-06) to resolve the issue. As a temporary workaround, restrict the editing and validation of XML and DTD files that refer to external entities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JD Edwards EnterpriseOne Tools version 9.2 **Description** The issue is related to inadequate access control in the Monitoring and Diagnostics component of JD Edwards EnterpriseOne Tools, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful attacks can result in the takeover of JD Edwards EnterpriseOne Tools. **Recommendations** For version 9.2, consider restricting access to the Monitoring and Diagnostics component until a patch is available. As a temporary workaround, consider disabling the use of HTTP protocol for the affected component to minimize the risk of exploitation. Avoid using the affected component for critical operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PeopleSoft Enterprise PT PeopleTools versions 8.54 through 8.56 **Description** The issue allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools, potentially resulting in a takeover. The attacker can exploit this issue easily. **Recommendations** For versions 8.54 through 8.56, update to a version that contains a fix for this issue to prevent exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver JAVA AS 7.4 **Description** The issue is related to an XML external entity (XXE) vulnerability in the UDDI component, which is caused by incorrect restriction of XML links to external objects. This can be exploited by a remote attacker to cause a denial of service (system hang) by sending a crafted XML request. The API endpoint `/uddi/api/replication` is specifically vulnerable to this type of attack. **Recommendations** For SAP NetWeaver JAVA AS 7.4, consider disabling the UDDI component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to the `/uddi/api/replication` API endpoint to minimize the risk of a denial of service attack.

**Name of the Vulnerable Software and Affected Versions** SAP Manufacturing Integration and Intelligence versions 15 **Description** The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the `title` parameter to the "webdynpro/resources/sap.com/xapps~xmii~ui~admin~navigation/NavigationApplication" API endpoint. **Recommendations** For version 15, update to a version that includes the fix for SAP Security Note 2201295 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS Java versions 7.1 through 7.5 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `navigationTarget` parameter to the "/irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester" API endpoint. **Recommendations** For SAP NetWeaver AS Java versions 7.1 through 7.5, consider restricting access to the vulnerable API endpoint until a fix is available. Avoid using the `navigationTarget` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Java AS versions 7.1 through 7.5 **Description** The issue allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to the "http:// tc~monitoring~webservice~web/ServerNodesWSService" API endpoint. **Recommendations** For SAP NetWeaver Java AS versions 7.1 through 7.5, apply the fix provided in SAP Security Note 2235994 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Java AS versions 7.1 through 7.5 **Description** The issue allows remote attackers to obtain sensitive user information by exploiting the chat feature in the Real-Time Collaboration (RTC) services. This can be done by visiting the "/webdynpro/resources/sap.com/tc~rtc~coll.appl.rtc~wd chat/Chat#" endpoint, pressing "Add users", and then performing a search. **Recommendations** For SAP NetWeaver Java AS versions 7.1 through 7.5, consider restricting access to the chat feature in the Real-Time Collaboration (RTC) services until a fix is available. As a temporary workaround, avoid using the search function in the chat feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS JAVA version 7.4 **Description** The issue is related to insufficient access control in the Universal Worklist Configuration component of SAP NetWeaver, allowing remote attackers to obtain sensitive user information via a crafted HTTP request. **Recommendations** For SAP NetWeaver AS JAVA version 7.4, apply the fix as described in SAP Security Note 2256846 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver J2EE Engine version 7.40 **Description** The issue is related to a SQL injection vulnerability in the UDDI server of the SAP NetWeaver J2EE Engine. This vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is due to the lack of protection measures for the SQL query structure, which can be exploited by a remote attacker to execute arbitrary SQL commands. **Recommendations** For SAP NetWeaver J2EE Engine version 7.40, apply the fix as described in SAP Security Note 2101079 to resolve the SQL injection vulnerability. As a temporary workaround, consider restricting access to the UDDI server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `ns` or `interface` parameter to "ProxyServer/register". The vulnerability exists due to the lack of protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary web or HTML code. **Recommendations** For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2220571 to resolve the issue. As a temporary workaround, consider restricting access to the ProxyServer/register endpoint to minimize the risk of exploitation. Avoid using the `ns` and `interface` parameters in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue in the User Management Engine (UME) of SAP NetWeaver allows attackers to decrypt unspecified data. **Recommendations** For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2191290 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver version 7.4 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to the Runtime Workbench (RWB) and the Pmitest servlet in the Process Monitoring Infrastructure (PMI). **Recommendations** For SAP NetWeaver version 7.4, apply the fixes as described in SAP Security Notes to address the XSS vulnerabilities in the Runtime Workbench and the Pmitest servlet.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver AS Java versions 7.1 through 7.5 **Description** The issue allows remote attackers to read arbitrary files via a .. (dot dot backslash) in the `fileName` parameter to "CrashFileDownloadServlet". This is due to a directory traversal vulnerability. The vulnerability can be exploited by sending a specially crafted malicious GET request to the "/XXX/CrashFileDownloadServlet" endpoint with the `fileName` parameter set to "..". **Recommendations** For SAP NetWeaver AS Java versions 7.1 through 7.5, consider disabling the CrashFileDownloadServlet until a patch is available. Restrict access to the CrashFileDownloadServlet endpoint to minimize the risk of exploitation. Avoid using the `fileName` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver J2EE Engine version 7.40 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is due to a SQL injection vulnerability in the BP FIND JOBS WITH PROGRAM function module. **Recommendations** For SAP NetWeaver J2EE Engine version 7.40, consider restricting access to the BP FIND JOBS WITH PROGRAM function module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAP Mobile Platform 3 **Description** The issue is related to an XML external entity (XXE) vulnerability, which allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request. This is due to incorrect restriction of XML external entity references. The vulnerability can be exploited by a remote attacker using a specially crafted XML request, potentially allowing them to read arbitrary files. **Recommendations** For SAP Mobile Platform 3, consider restricting or disabling the processing of external XML entities to minimize the risk of exploitation until a fix is available. As a temporary workaround, avoid using XML requests that could potentially trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Afaria (affected versions not specified) SAP Mobile Platform version 2.3 **Description** The issue allows a remote attacker to inject arbitrary JavaScript code by sending a specially crafted request to the Xcomms network service. Additionally, there is an XML external entity (XXE) vulnerability in the application import functionality, which enables remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data. **Recommendations** For SAP Afaria, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SAP Mobile Platform version 2.3, consider restricting the application import functionality to minimize the risk of exploitation until a patch is available.

**Name of the Vulnerable Software and Affected Versions** SAP Afaria version 7.0.6001.5 **Description** The issue is related to the XcListener in SAP Afaria, which does not properly restrict access. This allows remote attackers to have an unspecified impact via a crafted request. **Recommendations** For SAP Afaria version 7.0.6001.5, consider restricting access to the XcListener to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Sybase SQL Anywhere versions 11 and 16 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, via a crafted request. **Recommendations** For SAP Sybase SQL Anywhere versions 11 and 16, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** SAP NetWeaver Portal version 7.31.201109172004 **Description** The issue allows remote attackers to send requests to intranet servers via crafted XML, exploiting an XML external entity (XXE) vulnerability in the XMLValidationComponent. **Recommendations** For SAP NetWeaver Portal version 7.31.201109172004, apply the fix as described in SAP Security Note 2093966 to resolve the issue.