SAP Security Notes, September 2022
Note 3237075 patches a high priority vulnerability in SAP GRC Access Control that could be exploited by attackers to access Firefighter sessions even after they are closed in the Firefighter Logon Pad. Firefighter IDs are dedicated user identities with elevated privileges that are activated when required and controlled through Emergency Access Management (EAM) in SAP GRC. Note 3237075 provides a patch to detect active Firefighter sessions using SM04 and SM05 information. To properly retrieve the SM05 data, the GRC RFC user will require authorization object S_ADMI_FCD with value PADM. According to SAP, the implementation of the correction will lead to a slight degradation in performance due to the additional time required for the SM04 check during logon. This only affects the central system.
Note 3213507 resolves a privilege escalation and information disclosure vulnerability in SAP BusinessObjects Business Intelligence (BOBJ) that could lead to the retrieval and modification of sensitive system data from the Central Management Server (CMS) and Monitoring DB. Note 3217303 patches a similar vulnerability in the BOBJ Central Management Console (CMC).
Notes 3223392 and 3226411 deal with high-risk privilege escalation vulnerabilities in SAP Business One and SAP SuccessFactors, respectively. The vulnerabilities can be exploited to gain system privileges.
Finally, note 2998510 was updated to clarify that sysmon is not the only OS application that can be exploited to compromise authentication credentials for the CMS in BOBJ. Also, the vulnerability impacts BOBJ installations operating from both Linux/ Unix and Windows platforms.