security-services-tools/FRUN_Policies/Note_3604119.xml at main · SAP-samples/security-services-tools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
<?xml version="1.0" encoding="utf-8"?>
<targetsystem xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" desc="Security note 3604119 - [CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server)" id="Note_3604119" multisql="Yes" version="0000" xsi:schemaLocation="csa_policy.xsd">
  <!-- [p1-CVSS 9.1] EP-VC-INF 0003604119 - [CVE-2025-42999] Insecure Deserialization in SAP NetWeaver (Visual Composer development server) (Version 0039) -->
  <!-- Syntax rules: https://support.sap.com/en/alm/sap-focused-run/expert-portal/configuration-and-security-analytics/syntax-rules-and-policy-check-examples.html -->
  <configstore name="COMP_LEVEL" name_extended="" system_type="JAVA">
    <checkitem desc="Validate note 3604119 for software component VCFRAMEWORK" id="VCFRAMEWORK" not_found="ignore">
      <compliant>
        COMPONENT = 'VCFRAMEWORK' and (
                   ( VERSION = '7.50' and SP = '20' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '21' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '22' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '23' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '24' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '25' and PATCH &gt;= '3' )
                or ( VERSION = '7.50' and SP = '26' and PATCH &gt;= '3' )
                or ( VERSION = '7.50' and SP = '27' and PATCH &gt;= '3' )
                or ( VERSION = '7.50' and SP = '28' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '29' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '30' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP = '31' and PATCH &gt;= '2' )
                or ( VERSION = '7.50' and SP &gt;= '32' )
        )
      </compliant>
      <noncompliant>
        COMPONENT = 'VCFRAMEWORK' and (
                   ( VERSION &lt; '7.50')
                or ( VERSION = '7.50' and SP &lt; '20')
                or ( VERSION = '7.50' and SP = '20' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '21' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '22' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '23' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '24' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '25' and PATCH &lt; '3' )
                or ( VERSION = '7.50' and SP = '26' and PATCH &lt; '3' )
                or ( VERSION = '7.50' and SP = '27' and PATCH &lt; '3' )
                or ( VERSION = '7.50' and SP = '28' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '29' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '30' and PATCH &lt; '2' )
                or ( VERSION = '7.50' and SP = '31' and PATCH &lt; '2' )
        )
      </noncompliant>
    </checkitem>
  </configstore>
</targetsystem>