Authentication Flaw in SAP POS Xpress Server
CVE-2017-15295

9.8CRITICAL

Key Information:

Vendor

SAP
Status
Point Of Sale Xpress Server
Vendor
CVE Published:
16 October 2017

What is CVE-2017-15295?

The Xpress Server component of SAP POS is susceptible to a significant authentication bypass vulnerability, allowing unauthorized users to read, write, and delete files without requiring any form of authentication. This flaw poses a serious risk, as it can lead to exposure of sensitive data and potential manipulation of the system. SAP has issued Security Note 2520064 to address this issue, emphasizing the importance of applying necessary patches to mitigate associated risks.

References

https://erpscan.io/research/hacking-sap-pos/
x_refsource_MISC
https://blogs.sap.com/2017/09/12/sap-security-patch-day-s...
x_refsource_MISC
https://erpscan.io/advisories/erpscan-17-033-sap-pos-miss...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.