Security Advisories on SAP, Atlassian, Contao, Metaways Infosystems, Oveleon, PebbleRoad und Webswing

14. November 2024

The pentest professionals at usd HeroLab examined SAP, Atlassian, Contao, Metaways Infosystems, Oveleon, PebbleRoad and Webswing during their pentests.Thereby, several vulnerabilities were identified in the various applications.

The vulnerabilities were reported to the vendors as part of the Responsible Disclosure Policy.

SAP Business Connector & SAP Fiori

Several cross-site scripting vulnerabilities were identified in SAP Business Connector. Attackers were able to execute JavaScript in the context of other users.

Vulnerabilities were discovered in SAP Fiori that allowed attackers to gain unauthorized access to business travel data and authorize arbitrary individuals to approve vacation requests.

IDProductVulnerability Type
usd-2024-0004SAP Business ConnectorImproper Neutralization of Input During Web Page Generation
(CWE-79 'Stored Cross-site Scripting')
usd-2024-0003SAP Business ConnectorImproper Neutralization of Input During Web Page Generation (CWE 79 - 'Reflected Cross-site Scripting')
usd-2023-0042SAP FioriCWE-284: Improper Access Control
usd-2023-0040SAP FioriCWE-862: Missing Authorization
Security Advisories on SAP

Contao & Oveleon

The vulnerabilities found in Contao allowed attackers with access to the backend of Contao to list files on the underlying system and upload any file, which could then be executed on the web server.

A cross-site scripting vulnerability was identified in the cookiebar for Contao developed by Oveleon. This made it possible for attackers to execute JavaScript in the context of other users.

IDProductVulnerability Type
usd-2024-0013Contao CMSUnrestricted Upload of File with Dangerous Type (CWE-434)
usd-2024-0012Contao CMSImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
usd-2024-0009OveleonCWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Security Advisories on Contao und Oveleon

Metaways Infosystems

The identified vulnerability in Tine Groupware allowed unauthenticated attackers to gain access to login data if LDAP was used for user authentication.

IDProductVulnerability Type
usd-2024-0005TineExposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Security Advisories on Metaways

Atlassian

The vulnerability in Jira Cloud allowed system commands to be included in CSV files. Low privileged attackers could insert potentially malicious code into exported CSV files.

IDProductVulnerability Type
usd-2024-0007Jira CloudImproper Neutralization of Formula Elements in a CSV File (CWE 1236)
Security Advisories on Atlassian

PebbleRoad

During their pentests a cross-site scripting vulnerability was found, which allows attackers to execute JavaScript code in the context of other users.

IDProductVulnerability Type
usd-2024-0011GlossarizerImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
Security Advisories zu PebbleRoad

Webswing

A vulnerability that was found in Webswing enabled attackers to overwrite any file on the underlying system and ultimately execute their own code on the system.

IDProductVulnerability Type
usd-2024-0008WebswingRelative Path Traversal (CWE-23)
Security Advisory on Webswing

About usd HeroLab Security Advisories

In order to protect businesses against hackers and criminals, we must ensure that our skills and knowledge are up to date at all times. Therefore, security research is just as important to our work as is building up a security community to promote an exchange of knowledge. After all, more security can only be achieved if many people take on the task.

We analyze attack scenarios, which are changing constantly, and publish a series of Security Advisories on current vulnerabilities and security issues – always in line with our Responsible Disclosure Policy.

Always in the name of our mission: “more security.”

Also interesting:

DORA Countdown: One Month Left Until the Deadline

DORA Countdown: One Month Left Until the Deadline

DORA, the Digital Operational Resilience Act, will fully apply as of 17 January 2025. We have summarized everything you need to know about the EU regulation, preparation and best practices from our news blog.

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

Sunset of PCI DSS v4.0 on 31 December 2024: Get Ready!

PCI DSS v4.0: In March 2024, version 4.0 of the Payment Card Industry Data Security Standard became mandatory after a two-year transition phase. Just a few months later, version 4.0.1 was released as a minor update of the standard, which will become mandatory on...

Top 3 Vulnerabilities in SSO Pentests

Top 3 Vulnerabilities in SSO Pentests

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents...

Categories

Categories