Rewterz Threat Advisory – Multiple SAP Business Objects, Planning and Consolidation Vulnerabilities
December 15, 2022
Severity
Medium
Analysis Summary
CVE-2022-41275 CVSS:6.1
SAP Solution Manager could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
CVE-2022-41261 CVSS:6
SAP Solution Manager could allow a local authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2022-41275
- CVE-2022-41261
Affected Vendors
SAP
Affected Products
- SAP Solution Manager 740
- SAP Solution Manager 750
- SAP Solution Manager 7.20
Remediation
Current SAP customers should refer to the SAP note for patch information, available from the SAP website (login required).