Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!

CVE-2021-27616 – SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.

by Sick Codes
June 8, 2021 - Updated on June 12, 2021
in Security
SAP Business One Hana Chef Cookbook Vulnerability

Title: SAP Business One Hana (Chef Cookbook) – Exposure of Backup File to an Unauthorized Control Sphere via Insecure Temporary File Storage.

CVE ID: CVE-2021-27616

CVSS Score: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Internal ID: SICK-2021-029

Vendor: SAP

Product: SAP Business One Hana Chef Cookbooks

Product Versions (cookbook): 0.1.9 and below

Product Versions (as listed in the vendor advisory): 8.82, 9.0, 9.1, 9.2, 9.3, 10.0

Vulnerability Details

The backup functionality of SAP Business One Hana Chef Cookbook 0.1.9 and below uses an insecure temporary folder to create and modify application backup data. A local unprivileged attacker can read, and potentially write to, /tmp/backup_service, gaining access to private backup data.

Vendor: Under certain conditions, SAP Business One Hana Chef Cookbook, versions 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in an Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.

Vendor Response

The vendor has fixed the vulnerability, published a patch, and deprecated the repository.

Proof of Concept

BCKP_PATH_WORKING=/tmp/backup_service
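As an added example (not code from the advisory or from the SAP cookbook), the following POSIX shell functions flag a backup working path that lives in shared temporary space, as /tmp/backup_service does, and create a replacement directory that only the service's own user can read. The function names and the /var/lib/backup_service base directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory or the SAP cookbook: audit a backup
# working path and build a private replacement. Function names and the
# /var/lib/backup_service base directory are assumptions.

# True (0) if PATH is rooted in a shared, world-writable temporary directory,
# where any local user can read, or pre-create, entries.
path_under_shared_tmp() {
    case "$1" in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*|/dev/shm|/dev/shm/*) return 0 ;;
        *) return 1 ;;
    esac
}

# True (0) if DIR exists and carries no group/other permission bits (e.g. 700).
dir_is_private() {
    [ -d "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        *00) return 0 ;;
        *) return 1 ;;
    esac
}

# True (0) only if PATH is outside shared temp space and, when it already
# exists, is private to its owner. The advisory's /tmp/backup_service fails.
backup_path_is_safe() {
    if path_under_shared_tmp "$1"; then
        return 1
    fi
    if [ -e "$1" ]; then
        dir_is_private "$1" || return 1
    fi
    return 0
}

# Create a working directory for backup data that no other local user can
# read: a 700 base directory plus an unpredictably named mktemp subdirectory.
# Prints the new directory. BASE defaults to /var/lib/backup_service.
create_private_workdir() {
    base=${1:-/var/lib/backup_service}
    (umask 077 && mkdir -p "$base" && chmod 700 "$base") || return 1
    mktemp -d "$base/backup_service.XXXXXX"
}

# How a cookbook would consume it instead of a fixed /tmp path:
# BCKP_PATH_WORKING=$(create_private_workdir) || exit 1
```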

Disclosure Timeline

  • 2021-04-12 – Researcher discovers vulnerability
  • 2021-04-15 – Vendor deprecates repository
  • 2021-05-10 – Vendor assigns CVE-2021-27616
  • 2021-05-11 – Vendor publishes advisory
  • 2021-06-08 – Researcher publishes advisory

Links

https://launchpad.support.sap.com/#/notes/3049661

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

https://github.com/SAP/business-one-hana-chef-cookbook

https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-029.md

https://sick.codes/sick-2021-029

Researchers

Sick Codes: https://github.com/sickcodes || https://twitter.com/sickcodes

Miklos Zoltan: https://twitter.com/mzb4455 || https://www.privacyaffairs.com/authors/miklos/

CVE Links

https://sick.codes/sick-2021-029

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27616

https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27616

© 2017-2021 Sick.Codes