Compass Security employees identify and report on a regular basis security vulnerabilities as part of their daily assessments (or just out curiosity).
Stefan Horlacher identified and reported back in June 2013 several flaws in SAP BusinessObjects Explorer. We’re happy to publish today the details as the flaws have been patched and a reasonable grace period given for their deployment:
- Potential information disclosure relating to SBOP Explorer (port scanning), fixed in December 2013 as part of SAP Security Note 1908562
- Cross Site Flashing, fixed in December 2013 as part of SAP Security Note 1908647
- Untrusted XML input parsing possible in SBOP Explorer (XML External Entity), fixed in June 2014 as part of SAP Security Note 1908531
Note that both the port scan as well as the XML External Entity (XXE) attack can be conducted anonymously without prior insider knowledge.
Philipp Promeuschel on his part identified multiple vulnerabilities in neuroML version 1.8.1 in May this year. The related advisory covers a wide range of vulnerabilities allowing a full compromise of the application: