Detections
Analytics

SAP NetWeaver AS Java Multiple Vulnerabilities (December 2024)

critical Nessus Plugin ID 213081

Synopsis

The remote SAP NetWeaver application server is affected by multiple vulnerabilities.

Description

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following:

 - Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable. (CVE-2024-47578)

 - An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability. (CVE-2024-47579)

 - An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability. (CVE-2024-47580)

 - Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application. (CVE-2024-47582)

Note that Nessus has not tested for these issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

http://www.nessus.org/u?71bf9e22

https://me.sap.com/notes/3536965

https://me.sap.com/notes/3351041

Plugin Details

Severity: Critical

ID: 213081

File Name: sap_netweaver_as_java_dec_2024.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 12/17/2024

Updated: 12/17/2024

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: High

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2024-47578

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:sap:netweaver_application_server

Required KB Items: installed_sw/SAP Netweaver Application Server (AS), Settings/ParanoidReport

Patch Publication Date: 12/9/2024

Vulnerability Publication Date: 12/9/2024

Reference Information

CVE: CVE-2024-47578, CVE-2024-47579, CVE-2024-47580, CVE-2024-47582