CISA Warns of SAP NetWeaver Directory Traversal Vulnerability Exploited in Attacks
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in SAP NetWeaver to its Known Exploited Vulnerabilities (KEV) catalog, urging organizations to immediately mitigate the risk.
The vulnerability, identified as CVE-2017-12637, is a directory traversal flaw in SAP NetWeaver Application Server Java that allows remote attackers to read arbitrary files on affected systems.
The KEV catalog entry, dated March 19, 2025, highlights the urgency of addressing this vulnerability, which has been observed as being actively exploited in the wild.
CISA has set a due date of April 9, 2025, for federal agencies to apply the necessary mitigations or discontinue the use of affected products if patches are unavailable.
SAP NetWeaver Directory Traversal Vulnerability
CVE-2017-12637 affects SAP NetWeaver Application Server Java versions 7.5 and potentially earlier releases.
The vulnerability stems from improper input validation in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS component, allowing attackers to use directory traversal sequences (e.g., “../”) in the query string to access files outside of the intended directory.
Security researchers have categorized this vulnerability under CWE-22, which refers to the improper limitation of a pathname to a restricted directory, commonly known as a ‘Path Traversal’ flaw. The CVSS v3.1 base score for this vulnerability is 7.5, indicating a high severity level.
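The CWE-22 weakness the article names is the absence of a check that a user-supplied path, once decoded and normalized, still points inside the directory the component is meant to serve. The following is an added illustration of that check in Python; it is not SAP's code and not taken from the article. The base directory, the function name and the sample requests are assumptions, and the function is deliberately lexical (it assumes an absolute POSIX base directory with no symlinks).

```python
# Added example (not from the article or from SAP): a lexical path-containment
# check of the kind a CWE-22 fix relies on. base_dir is assumed to be an
# absolute POSIX path without symlinks; all names here are illustrative.
from pathlib import PurePosixPath
from urllib.parse import unquote


def resolve_under_base(base_dir: str, requested: str):
    """Return base_dir/<normalized requested> if it stays inside base_dir.

    Returns None when the request is absolute, would climb above base_dir,
    or contains characters that have no business in a file name (NUL,
    backslash). The request is percent-decoded twice so that "%2e%2e/" and
    "%252e%252e/" are treated exactly like a literal "../".
    """
    decoded = unquote(unquote(requested))
    if "\x00" in decoded or "\\" in decoded or decoded.startswith("/"):
        return None
    parts = []
    for part in PurePosixPath(decoded).parts:
        if part == ".":
            continue            # no-op component
        if part == "..":
            if not parts:
                return None     # would escape above base_dir
            parts.pop()         # legitimate "lib/../x" collapses to "x"
        else:
            parts.append(part)
    if not parts:
        return None             # nothing left to serve
    return str(PurePosixPath(base_dir).joinpath(*parts))


if __name__ == "__main__":
    base = "/srv/netweaver/js"  # assumed base directory
    for req in ("ui.js", "lib/../ui.js", "../../../etc/passwd",
                "..%2F..%2Fetc%2Fpasswd", "%252e%252e%252fsecret"):
        print(f"{req!r:32} -> {resolve_under_base(base, req)}")
```

Decoding twice before normalizing matters: a check that only looks for a literal `../` in the raw query string is bypassed by encoded variants, and a check that decodes once still misses double encoding. Rejecting rather than "fixing" a traversing request also produces a clean log signal for the monitoring step recommended later in the article.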
Risk factors and details:
- Affected Products: SAP NetWeaver Application Server Java 7.5 and potentially earlier versions
- Impact: Read arbitrary files on the system
- Exploit Prerequisites: Remote access, no authentication required
- CVSS 3.1 Score: 7.5 (High)
SAP has released Security Note 2486657 to address the issue, and organizations are strongly advised to apply the patch immediately.
For those unable to patch, CISA recommends following vendor-provided mitigations or considering discontinuing the use of the affected product if no mitigations are available.
Exploiting this vulnerability could lead to unauthorized access to sensitive information, potentially compromising the confidentiality and integrity of affected systems.
While there is no confirmation of its use in ransomware campaigns, the potential for such exploitation remains a concern. CISA emphasizes using the KEV catalog as a critical input for vulnerability management prioritization.
Organizations are encouraged to integrate this information into their security frameworks, such as the Stakeholder-Specific Vulnerability Categorization (SSVC) model, to better assess and respond to emerging threats.
Cybersecurity experts recommend that organizations running SAP NetWeaver AS Java take the following steps:
- Immediately identify all instances of SAP NetWeaver AS Java within their environment.
- Apply the patch provided in SAP Security Note 2486657 as soon as possible.
- Implement network segmentation and access controls to limit the exposure of vulnerable systems.
- Monitor for any suspicious activity that could indicate attempted exploitation of this vulnerability.
- Conduct a thorough review of system logs to identify any potential compromise that may have occurred before patching.
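For the last two steps (monitoring and reviewing logs), the following added Python example scans web-server access log lines for requests to the component path named in the article that carry a traversal sequence, after percent-decoding. It is not from the article or from SAP; the log lines are constructed for the example, the combined log format, the `query` parameter name and the client addresses are assumptions, and only the `scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS` path comes from the article.

```python
# Added example (not from the article or from SAP): flag access-log entries
# that request the vulnerable component with a traversal sequence anywhere
# in the decoded path or query string. Log lines below are constructed.
import re
from urllib.parse import unquote, urlsplit

# Component path named in the article; the query parameter name is assumed.
COMPONENT = "/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS"

# Combined/common log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
# ".." followed by a separator (or end of string) after decoding.
TRAVERSAL = re.compile(r"\.\.(?:[/\\]|$)")

# Constructed sample log (not real traffic). Two lines from 198.51.100.23
# carry traversal sequences, one plain and one URL-encoded.
SAMPLE_ACCESS_LOG = """\
203.0.113.10 - - [19/Mar/2025:10:15:02 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=ui.js HTTP/1.1" 200 4120
203.0.113.10 - - [19/Mar/2025:10:15:09 +0000] "GET /irj/portal HTTP/1.1" 200 9831
198.51.100.23 - - [19/Mar/2025:10:16:41 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=../../../../etc/passwd HTTP/1.1" 200 1734
198.51.100.23 - - [19/Mar/2025:10:16:44 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?query=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1734
198.51.100.23 - - [19/Mar/2025:10:17:02 +0000] "GET /static/img/../logo.png HTTP/1.1" 404 512
this line is deliberately malformed and must be skipped
"""


def has_traversal(target: str) -> bool:
    """True if the request target contains '..' + separator after decoding twice."""
    return bool(TRAVERSAL.search(unquote(unquote(target))))


def scan_access_log(text: str):
    """Return one finding per request to COMPONENT that carries traversal."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a parseable access-log line
        target = m.group("target")
        decoded = unquote(unquote(target))
        if not urlsplit(decoded).path.endswith(COMPONENT):
            continue                      # traversal elsewhere is out of scope here
        if has_traversal(decoded):
            status = int(m.group("status"))
            findings.append({
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "target": target,         # raw, as logged, for evidence
                "status": status,
                "served": status < 400,   # a 2xx/3xx here deserves follow-up
            })
    return findings


def count_by_source(findings):
    """Aggregate findings per client address for triage."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_ACCESS_LOG)
    for h in hits:
        print(h["timestamp"], h["ip"], h["status"], h["target"])
    print(count_by_source(hits))
```

A request in this list that the server answered with a 2xx status is the case to escalate, since it means the traversal was not rejected; a run over logs from before the patch date is the "review of system logs" the recommendation above asks for. The double decode is what catches the `%2F`-encoded variant, which a plain substring search for `../` would miss.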
The inclusion of CVE-2017-12637 in the KEV catalog underscores the ongoing challenge organizations face in effectively managing vulnerabilities.
As threat actors continue to target known vulnerabilities, the cybersecurity community must remain vigilant and proactive in addressing potential risks.
CISA’s KEV catalog serves as a valuable resource in this effort, providing organizations with actionable intelligence to prioritize their security efforts and protect against active threats.
Organizations are advised to regularly consult the KEV catalog and other authoritative sources to stay informed about critical vulnerabilities and take swift action to secure their systems against emerging threats.