The pentest professionals at usd HeroLab examined SAP, Atlassian, Contao, Metaways Infosystems, Oveleon, PebbleRoad and Webswing during their pentests.Thereby, several vulnerabilities were identified in the various applications.
The vulnerabilities were reported to the vendors as part of the Responsible Disclosure Policy.
SAP Business Connector & SAP Fiori
Several cross-site scripting vulnerabilities were identified in SAP Business Connector. Attackers were able to execute JavaScript in the context of other users.
Vulnerabilities were discovered in SAP Fiori that allowed attackers to gain unauthorized access to business travel data and authorize arbitrary individuals to approve vacation requests.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0004 | SAP Business Connector | Improper Neutralization of Input During Web Page Generation (CWE-79 'Stored Cross-site Scripting') |
| usd-2024-0003 | SAP Business Connector | Improper Neutralization of Input During Web Page Generation (CWE 79 - 'Reflected Cross-site Scripting') |
| usd-2023-0042 | SAP Fiori | CWE-284: Improper Access Control |
| usd-2023-0040 | SAP Fiori | CWE-862: Missing Authorization |
Contao & Oveleon
The vulnerabilities found in Contao allowed attackers with access to the backend of Contao to list files on the underlying system and upload any file, which could then be executed on the web server.
A cross-site scripting vulnerability was identified in the cookiebar for Contao developed by Oveleon. This made it possible for attackers to execute JavaScript in the context of other users.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0013 | Contao CMS | Unrestricted Upload of File with Dangerous Type (CWE-434) |
| usd-2024-0012 | Contao CMS | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
| usd-2024-0009 | Oveleon | CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Metaways Infosystems
The identified vulnerability in Tine Groupware allowed unauthenticated attackers to gain access to login data if LDAP was used for user authentication.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0005 | Tine | Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) |
Atlassian
The vulnerability in Jira Cloud allowed system commands to be included in CSV files. Low privileged attackers could insert potentially malicious code into exported CSV files.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0007 | Jira Cloud | Improper Neutralization of Formula Elements in a CSV File (CWE 1236) |
PebbleRoad
During their pentests a cross-site scripting vulnerability was found, which allows attackers to execute JavaScript code in the context of other users.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0011 | Glossarizer | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
Webswing
A vulnerability that was found in Webswing enabled attackers to overwrite any file on the underlying system and ultimately execute their own code on the system.
| ID | Product | Vulnerability Type |
|---|---|---|
| usd-2024-0008 | Webswing | Relative Path Traversal (CWE-23) |
About usd HeroLab Security Advisories
In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.
We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues – always in line with our Responsible Disclosure Policy.
Always in the name of our mission: “more security.”
