
SAP Patches Critical Vulnerability in Diagnostic Agent

"The attacker could obtain full control over an SAP system"

By CBR Staff Writer

SAP has released a patch for a critical vulnerability in its SolMan Diagnostic Agent (SMDAgent), which manages the communication of monitoring and diagnostic events between every SAP system and Solution Manager.

The SAP vulnerability, which has a CVSS score of 9.1, was disclosed by security researcher Yvan Genuer, from Boston-based cybersecurity firm Onapsis. He said that an attacker could bypass the system’s whitelisting processes using a custom-crafted payload that would offer “full control” over a given SAP system.

Onapsis explained: “Using its basic functionality, a SolMan admin can execute OS commands through a GAP_ADMIN transaction, in order to perform analysis into an SAP system. Once executed, those commands are validated using a whitelist file located in the SMDAgent installation directory.”

“This SAP vulnerability may allow an attacker to bypass this validation by sending a custom-crafted payload.

“Using this technique the attacker could obtain full control over an SAP system compromising the SMDAgent user, allowing access to sensitive information (such as credentials and critical business information), changing application configurations or even stopping SAP services. As previously mentioned, the SMDAgent must be installed in every SAP system in order to perform diagnostic tasks, so the scope of an attack is broad, as it could affect the entire landscape.”

It was not immediately clear what privileges were necessary to begin the exploit. Computer Business Review has requested further information.

The vulnerability, CVE-2019-0330, was one of nine patched by SAP this week.


The only other high-priority patch (CVE-2019-0328) was for a code injection vulnerability in the Extended Computer Aided Test Tool (eCATT), which is used for automated testing of SAP business processes. Exploitation of this vulnerability has a critical impact on the system’s integrity and availability, since the malicious commands that could be executed run as a highly privileged user.

SAP has patches available now.
