Monthly Archives: June 2022

News

Cato Networks offers new capability for network-based ransomware protection

Read Time:20 Second

Cloud-native SASE (secure access service edge) provider Cato Networks is offering a new capability for network-based ransomware protection on the Cato SASE Cloud. The Cato cloud will use new machine-learning heuristic algorithms, combined with the platform’s network insights, to detect and prevent the spread of ransomware across a company without having to deploy endpoint agents.

To read this article in full, please click here

Read More

Advisories

Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Read Time:23 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability in
SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Exposing the contents of a directory can lead to a disclosure of useful
information
for the attacker to devise exploits, such as creation times of files or any
information that may be encoded in file names. The directory listing may
also
compromise private or confidential data.

## Advisory Information…

Read More

Advisories

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Read Time:21 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability
in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.

## Advisory Information

– Public Release Date: 06/21/2022
– Security Advisory ID: ONAPSIS-2022-0006
– Researcher(s): Yvan Genuer

##…

Read More

Advisories

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Read Time:23 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)
vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim’s privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired
requests in the SAP System (CSRF) as well as redirected to arbitrary web
site
(Open Redirect).

## Advisory Information

– Public Release Date: 06/21/2022
-…

Read More

Advisories

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Read Time:21 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP
Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality…

Read More

Advisories

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Read Time:22 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)
vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim’s privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired request
in SAP Focused Run.

## Advisory Information

– Public Release Date: 06/21/2022
– Security Advisory ID: ONAPSIS-2022-0003
-…

Read More