The cybersecurity community is buzzing with concerns of multichannel phishing attacks, particularly on smishing and business text compromise, as hackers turn to mobile to launch attacks.

As security conferences return to in-person venues, the cybersecurity community is buzzing with concerns over multichannel phishing attacks, with mobile phishing the biggest concern as hackers turn to mobile to launch smishing and business text compromise attacks.

By moving completely to the cloud, apps and browsers are all we need to communicate with work, family, and friends. While most of us are aware of the cybersecurity guardrails, we are not infallible. We can be lured into providing personal information and credentials or installing malicious apps that can undermine even the most sophisticated cybersecurity defenses. Our reliance on mobile devices with little or no protection from malicious attacks leaves personal and company data at risk.

Multichannel phishing attacks are on the rise, and more breaches are successful because hackers are delivering very targeted attacks on massive scales — powered by automation technology, taking advantage of human psychology, and exploiting our use of apps, browsers, and multiple communications channels.

Humans are the most strategic cybersecurity entry points into an organization because criminals can use psychology to fool us into overriding or undermining even the most sophisticated cybersecurity protection setups. And today's sophisticated attacks are essentially invisible to the human eye. Gone are the poorly spelled phishing emails of yesterday. Today's human hacking can fool even the most security-aware professional to follow a malicious URL or log in to an illegitimate site and expose data and a network. For the attacker, it's much more straightforward and a lower cost to attack a human than a network or a well-defended machine.

'Furthermore, our world — and the way we use technology — has been dramatically altered. This has further increased the danger of human hacking attacks. Post-pandemic, a large percentage of the workforce will continue to have some hybrid remote/office working arrangements — meaning that we're mixing our personal and professional worlds online more than ever. That opens us to more threats, especially when human hacking attacks are coming from legitimate infrastructure. We've turned to interacting through apps and working on browsers. Using collaboration channels like Zoom and Slack and doing nearly everything through our smartphones has opened more attack vectors.

Gone are the days when phishing emails were easily spotted due to low-quality logos, poor grammar, or just the totally unbelievable nature of the email. Now, attackers are well-equipped and very strategic about their attacks, and the believable SMS text or social media invite from a cybercriminal is far more dangerous.

Then, the sheer number of these channel users multiplies the risk equation for enterprises. Add to this the fact that attacks have evolved to the point where a single attack will use multiple channels to convince the users that they are legitimate. There is also the major issue of underestimating the risk of the human factor — today's attacks are simply impossible to detect with human-only views, assessments, and forensics.

**What to Watch For**

Now, especially as the browser is becoming the operating system of the enterprise, the number of channels for attack has increased. Browser extensions and plug-ins are available through very respected big brands, including Android and Apple, but they are not always safe. Also, browser search results can become embedded with attacks, attracting the attention of the user with something that they care about and are more likely to click on. And of course, common Microsoft 365 apps and enterprise productivity apps such as LinkedIn, Dropbox, and WhatsApp are open to phishing abuse.

Since human hacking is a unique problem, we need to focus on people in order to resolve it. Training people to recognize threats is important, but the attacks are too hard to spot by users for training employees to be cautious to be enough security. Asking people to forward suspicious requests to IT is a help but not a cure. There are simply too many convincing attacks coming in on all channels for IT to keep up with those that are forwarded.

There are better ways. One, recognize that cybercriminals are pointing attacks at the people inside organizations and then defend them — on every single digital channel. Two, take advantage of AI and machine learning to identify threats and then use that protection on endpoints in an organization's network — from employee smartphones to Zoom accounts.

In a world where we're trying to stay one step ahead of the hackers, it's time to adequately recognize the magnitude of the multichannel challenge on the horizon — and a new approach that bolsters the people who are under attack.  
**  
About the Author**

    

Patrick Harr is CEO of SlashNext, the authority in multichannel phishing and human hacking protection across email, Web, and mobile.

The Risk of Multichannel Phishing Is on the Horizon

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2020-13950: httpd: mod_proxy NULL pointer dereference


**Synopsis**

Low: httpd:2.4 security update

**Type/Severity**

Security Advisory: Low

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8.  

Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.  

Security Fix(es):  

*   httpd: mod\_proxy NULL pointer dereference (CVE-2020-13950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Solution**

For details on how to apply this update, which includes the changes described in this advisory, refer to:  

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

**Affected Products**

*   Red Hat Enterprise Linux for x86\_64 8 x86\_64
*   Red Hat Enterprise Linux for x86\_64 - Extended Update Support 8.6 x86\_64
*   Red Hat Enterprise Linux Server - AUS 8.6 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems 8 s390x
*   Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
*   Red Hat Enterprise Linux for Power, little endian 8 ppc64le
*   Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
*   Red Hat Enterprise Linux Server - TUS 8.6 x86\_64
*   Red Hat Enterprise Linux for ARM 64 8 aarch64
*   Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 8.6 x86\_64

**Fixes**

*   BZ - 1966738 - CVE-2020-13950 httpd: mod\_proxy NULL pointer dereference

RHSA-2022:5163: Red Hat Security Advisory: httpd:2.4 security update

Most organizations still rely on virtual private networks for secure remote access.

Zero-trust initiatives may be on the security roadmap for most enterprises today, but remote-access architecture today is still highly dependent upon virtual private network (VPN) technology.

Newly published data shows that approximately 90% of organizations still utilize VPN in some capacity to secure remote access for their users. Meantime, across a broad population of IT and security practitioners, fewer than one in three say they have plans to — or have begun to — roll out zero-trust network access (ZTNA) to supplant VPN.

The results are from a survey conducted by Sapio Research on behalf of Banyan Security, which reached out to 1,025 IT respondents, focusing the bulk of the survey on the 410 who were aware of both VPN and ZTNA. The study shows that among that group, a full 97% reported that adopting a zero-trust model is a priority for them. Slightly over half of those aware of both VPN and ZTNA said they've begun to roll out zero-trust solutions.

ZTNA is a term Gartner started championing in 2019 to describe in broad strokes a range of products and services that create logical access boundaries around applications or sets of applications using a combination of identity- and context-based factors. The firm predicted at the time that by next year, 2023, approximately 60% of enterprises will start phasing out their VPNs in favor or ZTNA.

"VPNs are just a band aid on a fundamentally broken network security model. And ultimately this has to be replaced," Neil MacDonald, vice president and distinguished analyst for Gartner, said in a recent analysis of zero-trust strategies in 2022. "We need to invert the model. Instead of connecting and then worrying about authentication, we need to authenticate first, then connect. This is where you see many of the tenets of zero-trust networking coming in."

**The Problem With VPNs**

One of the biggest problems with VPN technology is the fact that it "allows for network-level access to an enterprise," explains Deloitte's Andrew Rafla, who leads the consultancy's zero-trust offering.

In contrast, ZTNA restricts remote users' access to only the specific applications and assets they need and nothing more, says Rafla. ZTNA is one important component of a broader zero-trust architecture, he says, which also should include a centralized and federated identity store, privileged access management controls, data protection, network segmentation, device security, and telemetry and analytics.

"General cyber hygiene fundamentals should not be overlooked as well; in order to realize the true benefits of the zero-trust model, an organization should have a solid grasp on its IT asset management, configuration and vulnerability management, and data classification," Rafla says.

Given these weighty requirements to truly grab the zero-trust brass ring, it should come as no surprise that many organizations can feel overwhelmed by it all. Over two-thirds of current VPN users report in this survey that implementing a ZTNA strategy is a large to very large undertaking.

The biggest constraint for VPN-dependent organizations that keep them from transitioning to ZTNA are cost/budget constraints, which was named by 62%. Approximately 13% of them say zero trust is confusing and they don’t even know where to start.

Interestingly, though, among those who have adopted ZTNA, the implementation timeframes may not be as scary as those clinging to VPN may think. The study shows that the mean time to deployment was about 11.5 months. This may be a good lesson in the fact that an organization can and should roll out zero-trust components in a phased manner, and that ZTNA for remote access may be an accessible first step in the journey.

VPNs Persist Despite Zero-Trust Fervor

After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.

The cybercriminals behind the RIG Exploit Kit earlier this year traded out the credential-stealer Trojan Raccoon Stealer after its lead developer was killed in the Russian invasion of Ukraine.

According to analysts with Bitdefender, the cybercrime group behind the RIG Exploit Kit was able to quickly substitute in the tried-and-true financial Trojan Dridex, which has a range of functions, including keylogging and the ability to steal screenshots. 

"The move to Dridex was a strategic decision to save the operation," Bogdan Botezatu, director, Threat Research and Reporting at Bitdefender, tells Dark Reading. "Cybercriminals running this campaign had to move to a different option or lose the money they had already invested in renting out access to the RIG EK panel. Dridex is a powerful information-stealer that, to some extent, provides similar functionality to Raccoon. Unlike Raccoon, it is still operational and can offer 'business continuity' to the cybercriminals behind this campaign."

The RIG Exploit Kit lets cybercriminals quickly swap out payloads to avoid detection or in case of compromise, according to researchers at Bitdefender, making adaptability part of its product. 

"This once again demonstrates that threat actors are agile and quick to adapt to change," the analysts wrote in their report on the malware campaign. 

"In order to be prepared, defenders should patch the known vulnerabilities in software used across the organization and monitor for the indicators of compromise (IOCs), Botezatu counsels. "A security solution with machine-learning capabilities can detect and block the payload at various execution stages as well."

It's also worth noting that Racoon is likely to make a reappearance, Botezatu notes.

"The Raccoon group has hit a temporary stop with the death of one of its operators, but we believe the team will regroup," he says. "Usually, such groups suspend their operations when teams get arrested or when they voluntarily decide to shift to a more lucrative business. Loss of a team member is a temporary road block and we presume that they will get back online as soon as they manage to recruit a replacement."

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex

SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from a directory traversal vulnerability.

    # Onapsis Security Advisory 2022-0007: Directory Traversal vulnerability inSAP Focused Run (Simple Diagnostics Agent 1.0)## Impact on BusinessExposing the contents of a directory can lead to a disclosure of usefulinformationfor the attacker to devise exploits, such as creation times of files or anyinformation that may be encoded in file names. The directory listing mayalsocompromise private or confidential data.## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0007- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - SIMPLE\_DIAGNOSTICS\_AGENT 1.0  (Check SAP Note 3159091 for detailed information on affected releases)- Vulnerability Class: CWE-548- CVSS v3 score: 2.7 AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N- Risk Level: Low- Assigned CVE: CVE-2022-27657- Vendor patch Information: SAP Security NOTE 3159091## Affected Components DescriptionSAP Focused Run is a spin-off from SAP Solution Manager concentrating on thespecific needs of high volume system and application monitoring, alertingandanalytics needs.(https://support.sap.com/en/alm/sap-focused-run/expert-portal/)## Vulnerability DetailsA path traversal exists in the Simple Diagnostic Agent service listening, bydefault, on localhost port 3005. A local attacker, without particularprivileges,can use it to display content of the directory as ```sapadm``` OS user.Leading toinformation disclosure of potentially sensitive data.## SolutionSAP has released SAP Note 3159091 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3159091.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/02/2022: SAP provides internal ID - 04/12/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-april-2022-focus-spring4shell-and-sap-mii- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27657- Vendor Patch:https://launchpad.support.sap.com/#/notes/3159091## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP FRUN Simple Diagnostics Agent 1.0 Directory Traversal

SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from an information disclosure vulnerability.

    # Onapsis Security Advisory 2022-0006: Information Disclosure vulnerabilityin SAP Focused Run (Simple Diagnostics Agent 1.0)## Impact on BusinessRunning unnecessary services, like a jetty webserver, may lead to increasedsurface area for an attack and also it unnecessarily exposes underlyingvulnerabilities.## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0006- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - SIMPLE\_DIAGNOSTICS\_AGENT 1.0  (Check SAP Note 3147102 for detailed information on affected releases)- Vulnerability Class: CWE-200- CVSS v3 score: 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N- Risk Level: Medium- Assigned CVE: CVE-2022-22547- Vendor patch Information: SAP Security NOTE 3147102## Affected Components DescriptionSAP Focused Run is a spin-off from SAP Solution Manager concentrating on thespecific needs of high volume system and application monitoring, alertingandanalytics needs.(https://support.sap.com/en/alm/sap-focused-run/expert-portal/)## Vulnerability DetailsThe Simple Diagnostic Agent exposed a Jetty Web server on a random port,between9000-65535. This service does not handle any API or servlets, as well asdoesnot have any incoming or outcoming network communication. This allowsinformation gathering which could be used to exploit future open sourcesecurityexploits.## SolutionSAP has released SAP Note 3147102 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3147102.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/02/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22547- Vendor Patch:https://launchpad.support.sap.com/#/notes/3147102## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP FRUN Simple Diagnostics Agent 1.0 Information Disclosure

The SAP Fiori launchpad suffers from a cross site scripting vulnerability. Various component versions are affected.

    # Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)vulnerability in SAP Fiori launchpad## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesiredrequests in the SAP System (CSRF) as well as redirected to arbitrary website(Open Redirect).## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0005- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - SAP\_UI 753  - SAP\_UI 754  - SAP\_UI 755  - SAP\_UI 756  - SAP\_BASIS 787  (Check SAP Note 3149805 for detailed information on affected releases)- Vulnerability Class: CWE-79- CVSS v3 score: 8.2 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N- Risk Level: High- Assigned CVE: CVE-2022-26101- Vendor patch Information: SAP Security NOTE 3149805## Affected Components DescriptionSAP Fiori launchpad is the entry point to ABAP platform for SAP Fiori appsonmobile and desktop devices.## Vulnerability DetailsDuring the navigation in SAP Fiori Launchpad, it is possible to provide acustomtheme name using the url parameter ```sap-theme```. This parameter has anoption to provide the path to a .css file, which it is used directly in thepagegeneration. This optional input is not sufficiently sanitized, allowing anattacker tocontrol and craft any kind of html payload in the page requested.## SolutionSAP has released SAP Note 3149805 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3149805.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/09/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26101- Vendor Patch:https://launchpad.support.sap.com/#/notes/3149805- Vendor FAQ:https://launchpad.support.sap.com/#/notes/3157089## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP Fiori Launchpad Cross Site Scripting

SAP Focused Run Simple Diagnostics Agent version 1.0 suffers from a missing authentication vulnerability.

    # Onapsis Security Advisory 2022-0004: Missing Authentication check in SAPFocused Run (Simple Diagnostics Agent 1.0)## Impact on BusinessBecause the Simple Diagnostic Agent (SDA) handles several importantconfiguration and critical credential information, a successful attackcould lead to the control of the SDA, and therefore affect:  * Integrity, by modifying the configuration.  * Availability, by stopping the service.  * Confidentiality and Scope changing, by decrypting all storedcredentials. Thenaccessing the SAP Focused Run system as well as the SAP system managed bytheSDA.## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0004- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - SIMPLE\_DIAGNOSTICS\_AGENT 1.0  (Check SAP Note 3145987 for detailed information on affected releases)- Vulnerability Class: CWE-306- CVSS v3 score: 9.3 AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H- Risk Level: Critical- Assigned CVE: CVE-2022-24396- Vendor patch Information: SAP Security NOTE 3145987## Affected Components DescriptionSAP Focused Run is a spin-off from SAP Solution Manager concentrating on thespecific needs of high volume system and application monitoring, alertingandanalytics needs.(https://support.sap.com/en/alm/sap-focused-run/expert-portal/)## Vulnerability DetailsVulnerability 1:No authentication is required to interact with the Simple Diagnostic Agenthttpservice on port 3005 by default. Therefore, unauthenticated attackers willhavefull access to either administrative or other privileged functionalities.Leveragingthis access, they would be able to read, modify or delete sensitiveinformation andconfigurations with sapadm OS user privileges.Vulnerability 2:A path traversal exists in the Simple Diagnostic Agent service listening, bydefault, on localhost port 3005. A local attacker, without particularprivileges,can abuse this flaw in order to display the content of any OS directorywhich ```sapadm```has access to. Leading to information disclosure of potentially sensitivedata.## SolutionSAP has released SAP Note 3145987 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3145987.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/02/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published.## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24396- Vendor Patch:https://launchpad.support.sap.com/#/notes/3145987## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP FRUN Simple Diagnostics Agent 1.0 Missing Authentication

SAP Focused Run versions 2.00 and 3.00 suffer from a cross site scripting vulnerability.

    # Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)vulnerability in SAP Focused Run (Real User Monitoring)## Impact on BusinessImpact depends on the victim's privileges. In most cases, a successfulattackallows an attacker to hijack a session, or force the victim to performundesired requestin SAP Focused Run.## Advisory Information- Public Release Date: 06/21/2022- Security Advisory ID: ONAPSIS-2022-0003- Researcher(s): Yvan Genuer## Vulnerability Information- Vendor: SAP- Affected Components:  - FRUN 2.00  - FRUN 3.00  (Check SAP Note 3147283 for detailed information on affected releases)- Vulnerability Class: CWE-79- CVSS v3 score: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N- Risk Level: Medium- Assigned CVE: CVE-2022-24399- Vendor patch Information: SAP Security NOTE 3147283## Affected Components DescriptionSAP Focused Run is a spin-off from SAP Solution Manager concentrating on thespecific needs of high volume system and application monitoring, alertingandanalytics needs.(https://support.sap.com/en/alm/sap-focused-run/expert-portal/)## Vulnerability DetailsThe SAP Focused Run REST service ```/sap/bc/rest/rumupload``` do notsufficiently sanitize an input in the multipart/form-data leading toCross-SiteScripting (XSS) vulnerability from the error page generated.## SolutionSAP has released SAP Note 3147283 which provide patched versions of theaffected components.The patches can be downloaded fromhttps://launchpad.support.sap.com/#/notes/3147283.Onapsis strongly recommends SAP customers to download the relatedsecurity fixes and apply them to the affected components in order toreduce business risks.## Report Timeline - 01/28/2022: Onapsis sends details to SAP - 02/02/2022: SAP provides internal ID - 03/08/2022: SAP releases SAP Note fixing the issue. - 06/21/2022: Advisory published.## References- Onapsis blogpost:https://onapsis.com/blog/sap-security-patch-day-march-2022-sap-focused-run-affected-several-vulnerabilities- CVE Mitre:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24399- Vendor Patch:https://launchpad.support.sap.com/#/notes/3147283## About Onapsis Research LabsOnapsis Research Labs provides the industry analysis of key securityissues that impact business-critical systems and applications.Delivering frequent and timely security and compliance advisories withassociated risk levels, Onapsis Research Labs combine in-depth knowledgeand experience to deliver technical and business-context with soundsecurity judgment to the broader information security community.Find all reported vulnerabilities athttps://github.com/Onapsis/vulnerability_advisories## About Onapsis, Inc.Onapsis protects the mission-critical applications that run the globaleconomy,from the core to the cloud. The Onapsis Platform uniquely deliversactionableinsight, secure change, automated governance and continuous monitoring forcriticalsystems—ERP, CRM, PLM, HCM, SCM and BI applications—from leading vendorssuch as SAP,Oracle, Salesforce and others, while keeping them protected and compliant.For more information, connect with us on Twitter or LinkedIn, or visit us athttps://www.onapsis.com.-- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

SAP FRUN 2.00 / 3.00 Cross Site Scripting

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

**01**

****About Us.****

**We provide state-of-the-art solutions based on the most recent breakthroughs in the field of semantic technologies, to enable a direct and effective management of enterprise data.**

**We support organizations in dealing with the challenges of data governance, production, and management through solutions based on the groundbreaking Ontology-based Data Management technology.**

**OBDA Systems is an innovation startup of Sapienza University of Rome, and a company of the Almawave Group.**

****02********Ontology-based Data**  
**Management********A three-level data virtualization technology that allows data access, integration, quality checking, and governance through an ontology or a knowledge graph.****

**The Ontology Layer**

**A knowledge graph that describes the business domain: a user-friendly, machine-readable model of enterprise data.**

**A high-level representation of the business domain through which the data is accessed.**

**Data access, integration, and quality checking are enhanced by exploiting automatic reasoning capabilities over the graph**.

**The Mapping Layer**

**Semantic Links between the ontology and the enterprise data sources**.

**SQL queries on the databases are connected to the ontology entities to enable virtual data access.**

**The mappings allow separation of the physical data structure from the ontology model, and bridge the semantic gap between the two.**

**The Data Layer**

**Enterprise data sources and applications.**

**No new custom databases are required. No ETL processes. Zero impact on the pre-existing enterprise data layer.**

**Pay-as-you-go model: connect new data sources to the ontology by mapping them to instantly gain integration.**

****Simple****

**Access data through simple business questions over the ontology, regardless of where and how the data is stored.**

****Efficient****

**Reduces turn-around-time for key business decisions and drops the cost of querying the data.**

**Agile**

**The virtual data-to-ontology mappings require no ETL processes or custom database restructuring.**

**Flexible**

**A pay-as-you-go approach to building the ontology and mapping the data for any business use case.**

03

****Solutions****

**Simplifying data governance, boosting information management services, and getting the best out of your data.**

**Semantic Data Access and Integration**

******The ontological representation of the enterprise data simplifies the work of the domain experts, who can use business concepts to interact with integrated data sources for the purpose of data governance and analytics.******

**Enterprise Knowledge Graphs**

****Knowledge Graphs and ontologies give meaning to enterprise data through the business language.  
OBDA Systems provides tools and expertise that help organizations build and maintain their own Enterprise Knowledge Graphs.****

**Data Quality Checking and Governance**

********The ontology provides the business rules to measure the quality of enterprise data. OBDA System’s tools leverage these rules to help identify and correct data quality issues, and improve the value and reliability of the enterprise data sources**.******

**Preparation and Publication of 5\* Linked Open Data**

************Preparation, annotation and publication of 5 star Linked Open Data through a simple query-driven pipeline. Support for W3C standards, data lineage tracing, privacy and protection management through the ontology model.************

**0**4

****Products****

****The Mastro Suite: OBDM tools for the end-user and the designer.****

****The motor behind OBDM: an ontology reasoning system with virtual query answering capabilities over enterprise data sources and automatic data quality verification with respect to the ontology business rules.****

****The Semantic Knowledge Graph Platform: Monolith is the gateway to accessing Mastro’s features, while also allowing ontology exploration, knowledge graph creation, data mapping visualization and editing.****

****An Open Source, free-to-use, completely graphical ontology editor with syntactic and semantic reasoning capabilities, to ensure quick, safe, and easy ontology creation.****

**05**

****Our Team**  
**

****Maurizio Lenzerini****

**Co-Founder & President**

****Raniero Romagnoli****

**CEO**

****Valerio Santarelli****

**Co-Founder & CTO**

****Marco Ruzzi****

**Co-Founder & Lead Developer**

****Lorenzo Lepore****

**Co-Founder & Senior R&D Engineer**

****Giacomo Ronconi****

**Senior R&D Engineer**

****Giuseppe De Giacomo****

**Co-Founder & Scientific Advisor**

****Domenico Lembo****

**Co-Founder & Scientific Advisor**

****Antonella Poggi****

**Co-Founder & Scientific Advisor**

****Domenico Fabio Savo****

****Co-Founder & Scientific Advisor****

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

Tag

#sap