SAP NetWeaver AS Java Multiple Vulnerabilities (March 2023)

high Nessus Plugin ID 172603

Synopsis

The remote SAP NetWeaver application server is affected by multiple vulnerabilities.

Description

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following:

- Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.(CVE-2023-23857)

- SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data. (CVE-2023-24526)

- Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity. (CVE-2023-26460)

- SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges. (CVE-2023-27268)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

http://www.nessus.org/u?18f404d5

https://launchpad.support.sap.com/#/notes/3252433

https://launchpad.support.sap.com/#/notes/3288480

https://launchpad.support.sap.com/#/notes/3288096

https://launchpad.support.sap.com/#/notes/3288394

Plugin Details

Severity: High

ID: 172603

File Name: sap_netweaver_as_java_mar_2023.nasl

Version: 1.4

Type: remote

Family: Web Servers

Published: 3/16/2023

Updated: 8/30/2023

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS Score Source: CVE-2023-23857

CVSS v3

Risk Factor: High

Base Score: 8.6

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:sap:netweaver_application_server

Required KB Items: Settings/ParanoidReport, installed_sw/SAP Netweaver Application Server (AS)

Exploit Ease: No known exploits are available

Patch Publication Date: 3/14/2023

Vulnerability Publication Date: 3/14/2023

Reference Information

CVE: CVE-2023-23857, CVE-2023-24526, CVE-2023-26460, CVE-2023-27268

IAVA: 2023-A-0130