CVE-2022-41272 PoC — SAP NetWeaver Process Integration Security Vulnerability

Source
Associated Vulnerability
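Title: SAP NetWeaver Process Integration Security Vulnerability (CVE-2022-41272)
Description: SAP NetWeaver Process Integration (PI) is enterprise application integration software from the German company SAP and a component of the NetWeaver product group. The component is mainly used to exchange information between internal systems and external parties. SAP NetWeaver Process Integration version 7.50 contains a security vulnerability: an unauthenticated user can connect to an open interface exposed through JNDI by its User Defined Search and use an open naming and directory API to access services that may perform unauthorized operations.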
Description
Improper access control in SAP NetWeaver Process Integration
Readme
# CVE-2022-41272

This repository briefly describes the CVE-2022-41272 vulnerability.

The vulnerability exists in the SAP P4 service, which runs on port 5NN04, where NN is the instance number (00-99).

There are remote call functions that an attacker can call without any authentication. 

In the following image, you can see the patch released by SAP. 
![image](https://user-images.githubusercontent.com/7976421/207416778-0e20c035-7182-4482-b266-923c4c5f7999.png)

The PoC is ready and deployed to the RedRays Security Platform. 

PS. You can star and start watching the repository, and when we open the PoC, you will receive the notification. 

[link to original tweet](https://twitter.com/vah_13/status/1602620606280859648)
File Snapshot

[4.0K] /data/pocs/ccdce6aa94fff95b4a29467ed9b711fad0447562
└── [ 771] README.md

0 directories, 1 file