December 15, 2021
Severity
Medium
Analysis Summary
CVE-2021-44235
SAP NetWeaver AS ABAP could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a code injection flaw in two methods of a utility class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the operating system.
CVE-2021-44233
SAP GRC Access Control could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization validation. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVE-2021-44232
SAP SAF-T Framework could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user requests. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVE-2021-44231
SAP ABAP Server and ABAP Platform could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a code injection flaw in the text extraction reports. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-42070
SAP 3D Visual Enterprise Viewer is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted Jupiter Tessellation (.jt) file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-42069
SAP 3D Visual Enterprise Viewer is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted Tagged Image File Format (.tif) file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-42068
SAP 3D Visual Enterprise Viewer is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted GIF (.gif) file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-42066
SAP Business One could allow a remote authenticated attacker to obtain sensitive information, caused by the transmission of the DB password in plain text. By sniffing the network traffic, an attacker could exploit this vulnerability to obtain user credentials, and use this information to launch further attacks against the affected system.
CVE-2021-42064
SAP Commerce is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the flexible search Java API, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2021-42063
SAP Knowledge Warehouse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-42061
SAP BusinessObjects Business Intelligence Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Command Execution
- Privilege Escalation
- Unauthorized Access
- Code Execution
- Data Manipulation
- Denial of Service
- Information Disclosure
- Cross-Site Scripting
Affected Vendors
SAP
Affected Products
- SAP NetWeaver AS ABAP 700
- SAP NetWeaver AS ABAP 701
- SAP NetWeaver AS ABAP 702
- SAP NetWeaver AS ABAP 730
- SAP NetWeaver AS ABAP 731
- SAP NetWeaver AS ABAP 740
- SAP NetWeaver AS ABAP 750
- SAP NetWeaver AS ABAP 751
- SAP NetWeaver AS ABAP 752
- SAP NetWeaver AS ABAP 753
- SAP NetWeaver AS ABAP 754
- SAP NetWeaver AS ABAP 710
- SAP NetWeaver AS ABAP 711
- SAP NetWeaver AS ABAP 755
- SAP NetWeaver AS ABAP 756
- SAP GRC Access Control V1100_700
- SAP GRC Access Control V1100_731
- SAP GRC Access Control V1200_750
- SAP SAF-T Framework SAP_FIN 617
- SAP SAF-T Framework SAP_FIN 618
- SAP SAF-T Framework SAP_FIN 720
- SAP SAF-T Framework SAP_FIN 730
- SAP SAF-T Framework SAP_APPL 600
- SAP SAF-T Framework SAP_APPL 602
- SAP SAF-T Framework SAP_APPL 603
- SAP SAF-T Framework SAP_APPL 604
- SAP SAF-T Framework SAP_APPL 605
- SAP SAF-T Framework SAP_APPL 606
- SAP SAF-T Framework S4CORE 102
- SAP SAF-T Framework S4CORE 103
- SAP SAF-T Framework S4CORE 104
- SAP SAF-T Framework S4CORE 105
- SAP 3D Visual Enterprise Viewer 9.0
- SAP Business One 10
- SAP Knowledge Warehouse 7.30
- SAP Knowledge Warehouse 7.31
- SAP Knowledge Warehouse 7.40
- SAP Knowledge Warehouse 7.50
- SAP BusinessObjects Business Intelligence Platform 420
- SAP Commerce 1905
- SAP Commerce 2005
- SAP Commerce 2011
- SAP Commerce 2105
Remediation
Refer to the SAP Security Advisory for patch information, available from the SAP Web site.
CVE-2021-44235
CVE-2021-44233
CVE-2021-44232
CVE-2021-44231
CVE-2021-42070
CVE-2021-42069
CVE-2021-42068
CVE-2021-42066
CVE-2021-42064
CVE-2021-42063
CVE-2021-42061