Onapsis Releases 15 SAP HANA and SAP Trex Critical Security Advisories

Friday, July 22, 2016

The Onapsis Research Lab has issued 15 security advisories detailing critical vulnerabilities in SAP HANA and SAP Trex. These vulnerabilities could be used to gain high privileges allowing unrestricted access to business information, and to modify arbitrary database information. All vulnerabilities outlined in the advisories have been patched by SAP.

The Onapsis Research Lab produces regular SAP security advisories and vulnerability research which provides technical details around these vulnerabilities as well as mitigation information. These most advisories involving SAP HANA and SAP Trex include:

- SAP HANA Arbitrary Audit Injection via HTTP Requests: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding evidence of an attack to a HANA system.

- SAP TREX Remote Directory Traversal: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA Information Disclosure in EXPORT: By exploiting this vulnerability, an attacker could access business information indexed by the SAP system.

- SAP HANA Potential Wrong Encryption: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA SYSTEM User Brute Force Attack: By exploiting this vulnerability, a remote unauthenticated attacker could receive high privileges on the HANA system with unrestricted access to any business information.

- SAP TREX Remote File Read: By exploiting this vulnerability, a remote unauthenticated attacker could access arbitrary business information from the SAP system.

- SAP HANA Potential Remote Code Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.

- SAP HANA Password Disclosure: By exploiting this vulnerability, a remote attacker may obtain clear-text passwords of SAP HANA users and get critical information.

- SAP TREX Remote Command Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.

- SAP TREX Arbitrary File Write: By exploiting this vulnerability an unauthenticated attacker could modify any information indexed by the SAP system.

- SAP HANA User Information Disclosure: By exploiting this vulnerability, a remote unauthenticated attacker could obtain valid usernames that could be used to support more complex attacks.

- SAP TREX Remote Command Execution: By exploiting this vulnerability, an unauthenticated attacker could access and modify any information indexed by the SAP system.

- SAP HANA Arbitrary Audit Injection via SQL Protocol: By exploiting this vulnerability, an attacker could tamper the audit logs, hiding his evidence of an attack to a HANA system.

- SAP TREX TNS Information Disclosure in NameServer: By exploiting this vulnerability, an attacker could discover information relating to servers. This information could be used to allow the attacker to specialize their attacks.

- SAP HANA Get Topology Information Disclosure: By exploiting this vulnerability, a remote unauthenticated attacker could obtain technical information about the SAP HANA Platform that can be used to perform more complex attacks.