SAP NetWeaver Vulnerabilities Let Attackers Upload Malicious PDF Files


SAP has issued a crucial security update addressing multiple high-severity vulnerabilities in its NetWeaver Application Server for Java, specifically within the Adobe Document Services component.

The patch, released on December 10, 2024, as part of SAP’s monthly Security Patch Day, tackles vulnerabilities that could allow attackers to upload malicious PDF files and potentially compromise sensitive information.

The most critical vulnerability, identified as CVE-2024-47578, received a CVSS score of 9.1, indicating its severe nature.

This flaw, along with related vulnerabilities CVE-2024-47579 and CVE-2024-47580, poses significant risks to organizations using SAP’s enterprise solutions.

Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar

Server-Side Request Forgery (SSRF)

The primary vulnerability (CVE-2024-47578) is an SSRF flaw that enables attackers with administrative privileges to send specially crafted requests from vulnerable web applications.

This could potentially lead to unauthorized access to internal systems typically protected by firewalls.

File Upload And Download Exploits

CVE-2024-47579 allows authenticated attackers with administrative rights to exploit a web service for uploading or downloading custom PDF font files on the system server.

This vulnerability could be used to access any file on the server without affecting system integrity.

PDF Attachment Manipulation

CVE-2024-47580 permits authenticated attackers to create PDFs with embedded attachments, specifying internal server files as attachments.

This could lead to unauthorized access to sensitive files on the server.

The exploitation of these vulnerabilities could result in:

  • Data breaches exposing confidential business information
  • Unauthorized access to intellectual property and personal data
  • Potential for lateral movement within internal networks
  • Compromised system integrity and availability
  • Regulatory non-compliance and associated penalties

Mitigation Steps

SAP urges customers to apply Security Note 3536965 immediately to address these vulnerabilities. Key mitigation steps include:

  1. Updating Adobe Document Services to the specified patch level
  2. Deploying the patch across all affected SAP NetWeaver AS for JAVA instances
  3. Conducting thorough testing post-update
  4. Reviewing system logs for signs of attempted exploitation
  5. Implementing strict access controls and multi-factor authentication
  6. Enhancing network segmentation and firewall configurations

The discovery of these critical vulnerabilities underscores the importance of maintaining robust security practices in enterprise environments.

Organizations using SAP NetWeaver AS for JAVA are strongly advised to review and apply the latest security patches to safeguard their systems against potential attacks and data breaches.

Analyse Real-World Malware & Phishing Attacks With ANY.RUN - Get up to 3 Free Licenses



Source link