SAP patches a series of missing authentication checks in its Point of Sale Retail Xpress Server that could give unauthorized individuals the necessary access to execute various restricted functions.
SAP patches a series of missing authentication checks in its Point of Sale Retail Xpress Server that could give unauthorized individuals the necessary access to execute various restricted functions.

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

The POS vulnerability actually consists of a series of missing authentication checks in the POS server that could give unauthorized individuals the necessary access to execute restricted functions. "This can lead to an information disclosure, privilege escalation, and other attacks," according to a blog post from ERPScan, whose researchers Dmitry Chastuhin, Mathieu Geli, and Vladimir Egorov discovered the high-severity POS vulnerability.

Attackers who exploit the flaw could, for instance, read, write or delete files stored on SAP POS server; shut down the server application; or remotely monitor content displayed on the receipt window of a POS, ERPScan continued.

"This note concerns a complex attack at its core. However, a smart attacker can operate silently and independently... putting the confidentiality, availability and integrity of your data at the highest risk," commented Onapsis in its own security blog covering the SAP updates.

Onapsis researchers Andres Blanco and Nahuel Sanchez discovered one of the other high-priority bugs addressed by SAP, which would allow a malicious actor to shut down the SAP Host Agent without authentication, using a crafted SOAP request. "Consequently, management functions would now be out of service," Onapsis warned in its blog post. "If other scheduled jobs need these web services for regular processes, those jobs will subsequently fail. Depending on your business architecture, this could lead to more critical availability or performance issues on the system."

“SAP Product Security Response Team collaborates frequently with research companies like ERPScan and Onapsis to ensure a responsible disclosure of vulnerabilities," said an official statement from SAP. "All vulnerabilities in question have been fixed, and security patches are available for download on the SAP Support Portal. We strongly advise our customers to secure their SAP landscape by applying the available security patches immediately.”