11-17-2015 10:12 AM
Hi Gurus,
I found a post stating there is a Zero-Day exploit in the common collections function InvokerTransformer, found by Gabriel Lawrence and Chris Frohoff and shown in their presentation.
http://de.slideshare.net/frohoff1/appseccali-2015-marshalling-pickles
Until now I have found no SAP Security Notes relating to this and stating a possible solution or whether any tools are affected.
Did anyone find any document related to this?
Edit: There was already another post on this topic ->
Kind regards,
Niklas
12-04-2015 12:01 PM
Hey everybody,
I wanted to give you an update on this.
After contacting SAP I got the answer that both SAP ABAP and SAP JAVA do not use this library.
I could confirm this after I did the search for the vulnerable library.
Please remember that this is not an official statement, that you may not be affected. This is just a hint that we seem to be quite safe using SAP.
In case you want to know if you are affected please open an OSS message at SAP.
Regards,
Niklas