[ESNC-2013-005] Remote Code Injection in SAP ERP Central Component – Project System

Please refer to https://esnc-wp-qa-01.westeurope.cloudapp.azure.com for the original security advisory, updates and additional information.

1. Business Impact

Project System, which is part of SAP ERP, provides tools to track project costs and resources. It is tightly integrated with Controlling, Human Resources, and Logistics modules. This vulnerability allows execution of arbitrary program code of the…

[ESNC-2013-003] Remote OS Command Execution in SAP BASIS Communication Services

Please refer to https://esnc-wp-qa-01.westeurope.cloudapp.azure.com for the original security advisory, updates and additional information.

1. Business Impact

This vulnerability allows executing arbitrary operating system commands on the remote SAP system with the rights of the SAP application user. By exploiting this vulnerability, an attacker can take complete control of the SAP application and data…

[ESNC-2013-002] Privilege Escalation in SAP Production Planning and Control

Please refer to https://esnc-wp-qa-01.westeurope.cloudapp.azure.com for the original security advisory, updates and additional information.

1. Business Impact

This vulnerability allows bypassing authority checks that exist before executing a transaction. A transaction in SAP terminology is the execution of a program. By exploiting this vulnerability, an attacker can also control the transaction to be executed, allowing…