SAP NetWeaver AS Java Multiple Vulnerabilities (July 2025)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(241707);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/11");

  script_cve_id("CVE-2025-42963", "CVE-2025-42978");
  script_xref(name:"IAVA", value:"2025-A-0505");

  script_name(english:"SAP NetWeaver AS Java Multiple Vulnerabilities (July 2025)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver application server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the
following:

  - A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated 
    administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to 
    full operating system compromise, granting attackers complete control over the affected system.
    (CVE-2025-42963)

  - The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server 
    Java does not reliably match the hostname that is used for the connection against the wildcard hostname 
    defined in the received certificate of remote TLS server. This might lead to the outbound connection 
    being established to a possibly malicious remote TLS server and hence disclose information. 
    (CVE-2025-42978)

Note that Nessus has not tested for these issue but has instead relied only on the application's self-reported version
number.");
  # https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?689b7591");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3621771");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3557179");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-42963");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/10");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

include('vcf_extras_sap.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var app_info = vcf::sap_netweaver_as::get_app_info();

var constraints = [
  {'equal' : '7.50', 'fixed_display' : 'See vendor advisory' }
];

vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE
);