Rewterz Threat Advisory – Multiple SAP NetWeaver Vulnerabilities

March 16, 2023

Severity

High

Analysis Summary

CVE-2023-23857 CVSS:7.2

SAP NetWeaver AS for Java could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request using the API, an attacker could exploit this vulnerability to read and modify some sensitive information.

CVE-2023-27501 CVSS:8.7

SAP NetWeaver AS for ABAP and ABAP Platform could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to delete arbitrary files on the system.

CVE-2023-27500 CVSS:8.7

CVE-2023-26461 CVSS:6.8

SAP NetWeaver could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations. By using a specially crafted XML content, a remote attacker could exploit this vulnerability to read arbitrary files on the server.

CVE-2023-26459 CVSS:7.4

SAP NetWeaver AS for ABAP and ABAP Platform is vulnerable to server-side request forgery, caused by improper input controls. By using a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to reveal, modify or make unavailable non-sensitive information.

CVE-2023-25618 CVSS:6.5

SAP NetWeaver AS for ABAP and ABAP Platform is vulnerable to a denial of service, caused by improper error handling in an unused class. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to consume the server’s resources, and results in a denial of service condition.

CVE-2023-27268 CVSS:5.3

SAP NetWeaver AS Java could allow a remote attacker to gain elevated privileges on the system, caused by improper authentication and authorization validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.

CVE-2023-26460 CVSS:5.8

SAP NetWeaver AS for Java could allow a remote attacker to obtain sensitive information, caused by improper authentication validation by the Cache Management Service. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-0021 CVSS:6.1

SAP NetWeaver is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2023-27269 CVSS:9.6

SAP NetWeaver Application Server for ABAP and ABAP Platform could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to overwrite arbitrary files on the system.

CVE-2023-24526 CVSS:5.3

SAP NetWeaver AS for Java could allow a remote attacker to gain elevated privileges on the system, caused by improper access control. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to read non-sensitive server data..