nessus
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
SAP_NETWEAVER_AS_JAVA_NOV_2024.NASL
Feb 16, 2024 - 12:00 a.m.

SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2024)

2024-02-16 00:00:00
www.tenable.com
Tags: sap, netweaver, application server, java, multiple vulnerabilities, cross-site scripting, xss, confidentiality, integrity, availability, cve-2024-22126, caf, guided procedures, xml, unauthenticated access, sensitive data, nessus, scanner

AI Score: 8.1 High (Confidence: High)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following:

  • The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them in the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.
    (CVE-2024-22126)

  • SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. (CVE-2024-24743)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(190609);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");

  script_cve_id("CVE-2024-22126", "CVE-2024-24743");
  script_xref(name:"IAVA", value:"2024-A-0084");

  script_name(english:"SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver application server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the
following:

  - The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the
    incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting
    (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.
    (CVE-2024-22126)

  - SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated attacker to submit a malicious request
    with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data
    but not modify them. There are expansion limits in place so that availability is not affected. (CVE-2024-24743)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2024.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89707ebf");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3417627");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3426111");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22126");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/16");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}

include('vcf_extras_sap.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

var app_info = vcf::sap_netweaver_as::get_app_info();

var constraints = [
  {'equal' : '7.50', 'fixed_display' : 'See vendor advisory' }
];

vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{xss:TRUE}
);

Vendor | Product | Version | CPE
sap | netweaver_application_server | | cpe:/a:sap:netweaver_application_server
