Detections
Analytics

SAP NetWeaver AS Java Multiple Vulnerabilities (3700960)

high Nessus Plugin ID 302113

Synopsis

The remote SAP NetWeaver AS Java server is affected by a multiple vulnerabilities.

Description

The version of SAP NetWeaver Application Server Java detected on the remote host is affected by a affected by a multiple vulnerabilities as disclosed in the SAP Security Patch Day March 2026:

 - An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. (CVE-2025-9230)

 - An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. (CVE-2025-9232)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

https://me.sap.com/notes/3700960

Plugin Details

Severity: High

ID: 302113

File Name: sap_netweaver_as_java_3700960.nasl

Version: 1.1

Type: remote

Family: Web Servers

Published: 3/13/2026

Updated: 3/13/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/a:sap:netweaver_application_server

Required KB Items: Settings/ParanoidReport, installed_sw/SAP Netweaver Application Server (AS)

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 9/30/2025

Reference Information

CVE: CVE-2025-9230, CVE-2025-9232

IAVA: 2026-A-0215