SAP NetWeaver Code Injection Vulnerability Let Attackers Upload Malicious Files


A critical security flaw in SAP NetWeaver AS Java has been uncovered, potentially allowing attackers to upload malicious files and execute unauthorized commands.

The vulnerability, identified as CVE-2024-22127, affects the Administrator Log Viewer plug-in and has been assigned a CVSS score of 9.1, indicating its severe nature.


The security issue stems from an incomplete list of prohibited file types in the Log Viewer plug-in’s upload functionality: the check is a denylist, so any dangerous type the list omits is accepted.

This oversight enables attackers who already hold high-level (administrative) privileges to upload potentially dangerous files, leading to a command injection vulnerability.

If exploited, the attacker could run malicious commands, significantly impacting the application’s confidentiality, integrity, and availability.


SAP has responded to this threat by releasing a Security Note that addresses the vulnerability and provides mitigation steps.

The primary fix replaces the incomplete denylist with an allowlist of the file types the Administrator Log Viewer plug-in can accept. After applying the update, only specific file types (.log, .trc, .txt, .old, .out, .cld) containing NWA log records are permitted for upload, according to a report from Red Rays.
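The difference between the flawed check and the fix, as an added example that is not SAP's code and not taken from the Security Note: a denylist on the final extension beside an allowlist restricted to the six log file types quoted above. The contents of `DENIED_EXTENSIONS` are an assumption made for illustration, since the article does not reproduce the plug-in's original prohibited list, and the sample file names are constructed.

```python
"""Denylist vs allowlist validation of an uploaded file name.

Constructed example illustrating the class of bug behind CVE-2024-22127
(an incomplete list of prohibited types); it is not SAP's code, and the
denylist contents below are an assumption for illustration only.
"""
from typing import Optional

# Assumed, deliberately incomplete denylist: the pattern the flaw describes.
DENIED_EXTENSIONS = {".jsp", ".war", ".class", ".sh"}

# File types the SAP fix permits, as reported on this page.
ALLOWED_EXTENSIONS = {".log", ".trc", ".txt", ".old", ".out", ".cld"}


def denylist_allows(name: str) -> bool:
    """Flawed check: accept anything whose last extension is not prohibited.

    Fails open on anything the list forgot (.jspx), on case variants (.JSP)
    and on names that later code may truncate (an embedded NUL before '.log').
    """
    dot = name.rfind(".")
    ext = name[dot:] if dot >= 0 else ""
    return ext not in DENIED_EXTENSIONS


def safe_upload_name(name: str) -> Optional[str]:
    """Hardened check: return a sanitized basename, or None to reject.

    Normalizes first (no NUL bytes, no directory components, no trailing
    dots or spaces that a Windows filesystem would strip) and then requires
    the extension to be on the allowlist. Unknown types fail closed.
    """
    if not name or "\x00" in name:
        return None
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    if base in ("", ".", ".."):
        return None
    dot = base.rfind(".")
    if dot <= 0:                      # no extension, or a dotfile such as ".log"
        return None
    ext = base[dot:].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    return base


def compare(names):
    """Side-by-side verdicts (denylist accepts?, allowlist result) per name."""
    return {n: (denylist_allows(n), safe_upload_name(n)) for n in names}


if __name__ == "__main__":
    # Constructed sample upload names: legitimate NWA log files plus bypass attempts.
    samples = [
        "defaultTrace.0.trc",
        "server0.log",
        "shell.jsp",
        "shell.JSP",
        "shell.jspx",
        "shell.jsp\x00.log",
        "../../../deploy/shell.log",
    ]
    for name, (weak, strong) in compare(samples).items():
        print(f"{name!r:32} denylist={'accept' if weak else 'reject':6} "
              f"allowlist={strong!r}")
```

Running the block shows the denylist accepting `shell.JSP`, `shell.jspx` and the NUL-padded name while the allowlist rejects all three and also strips the directory components from the traversal attempt. Returning the sanitized basename rather than a boolean means the caller cannot accidentally write the original, unsanitized name to disk.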

To further enhance security, SAP recommends activating the log_FileUpload Virus Scan Profile. While not mandatory, this additional measure can help detect and block malicious content during the file upload process, complementing the file-type allowlist rather than replacing it.

Organizations using SAP NetWeaver AS Java are strongly advised to take immediate action to protect their systems. Key steps include:

  1. Upgrading SAP NetWeaver AS Java to the latest patch that addresses this vulnerability.
  2. Configuring and activating the log_FileUpload Virus Scan Profile.
  3. Until the patch is applied, restricting access to the Log Viewer by adjusting user roles and permissions so that only administrators who need the upload function hold it.

It’s important to note that this vulnerability specifically affects the Administrator Log Viewer plug-in on SAP NetWeaver AS Java version 7.50.

The attack complexity is rated as low and no user interaction is required for exploitation, which heightens the risk; the main limiting factor is that the attacker must already hold high-level privileges on the system, so an administrative account compromise or a malicious insider is the realistic path to exploitation.

Security experts emphasize the importance of prompt action in addressing this issue. Regular security audits, continuous monitoring, and implementing robust access controls are crucial in maintaining a strong security posture for SAP systems.

As organizations work to mitigate this vulnerability, it serves as a reminder of the ongoing need for vigilance in cybersecurity.

Proactive measures, such as regular penetration testing and staying informed about emerging threats, are essential in safeguarding critical business applications and data.



