SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following:
- The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in a Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. (CVE-2024-22126)
- SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. (CVE-2024-24743)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');

if (description)
{
  script_id(190609);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");

  script_cve_id("CVE-2024-22126", "CVE-2024-24743");
  script_xref(name:"IAVA", value:"2024-A-0084");

  script_name(english:"SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2024)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver application server is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the
following:
- The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the
incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting
(XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.
(CVE-2024-22126)
- SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated attacker to submit a malicious request
with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data
but not modify them. There are expansion limits in place so that availability is not affected. (CVE-2024-24743)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://support.sap.com/en/my-support/knowledge-base/security-notes-news/february-2024.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?89707ebf");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3417627");
  script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3426111");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-22126");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/16");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("sap_netweaver_as_web_detect.nbin");
  script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80, 443, 8000, 50000);

  exit(0);
}
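
include('vcf_extras_sap.inc');

# Version-only check: run only when paranoid reporting is enabled,
# because the result relies on the self-reported version number.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Collect the detected SAP NetWeaver AS installation details.
var app_info = vcf::sap_netweaver_as::get_app_info();

# Release 7.50 is flagged; the fix is delivered through the vendor advisory.
var constraints = [
  {'equal' : '7.50', 'fixed_display' : 'See vendor advisory' }
];

# Compare the detected version with the constraints and report, marking the finding as XSS.
vcf::sap_netweaver_as::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_HOLE,
  flags:{xss:TRUE}
);
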
Vendor | Product | Version | CPE |
---|---|---|---|
sap | netweaver_application_server | | cpe:/a:sap:netweaver_application_server |