Update for "3605597 - FAQ for SAP Security Note 3604119 [CVE-2025-42999]" #7


Merged (1 commit, May 16, 2025)

Conversation

reingart (Member) commented May 15, 2025

Changes:

  • Add final report section for vulnerable component patch version check
  • Update "Insecure Deserialization attempt" detection message in Java Default Trace log

Reference: https://me.sap.com/notes/3605597

New sample report section for unpatched component:

[CRITICAL] Unpatched VCFRAMEWORK Component found: Vulnerable Version Present

Detected component version: 7.5031.20250418122224.0000

Your system remains at risk. Only the latest patch addressing CVE-2025-42999
fully mitigates this vulnerability.
The VISUAL COMPOSER FRAMEWORK component (VCFRAMEWORK.SCA) must be updated to
the patch level specified in "SAP Security Note 3604119", matching the
relevant Support Package Patch version.

Failure to apply this update may allow an authorized (privileged) attacker to
upload malicious executables, potentially compromising the host environment.

Updated section for insecure deserialization detection:

[CRITICAL] Exploitation Activity detected in Java Default Trace log

Detected "Insecure Deserialization attempt in SAP NetWeaver Visual Composer
development server", matching exploit patterns for CVE-2025-42999.
The Java Default Trace log shows an error referencing the
'devserver_metadataupload_ear' application and a 'getOutputProperties' method
call, which indicates exploitation of the Visual Composer development server.

Log evidence has been saved for further investigation.
Exported Log File: /app/trace_events_20250515163019.csv
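The two report sections above describe two checks: a patch-level comparison of the VCFRAMEWORK.SCA version string, and a scan of Java Default Trace lines for the 'devserver_metadataupload_ear' / 'getOutputProperties' markers with a CSV export of the matches. The following is an added example in Python that is not the project's code and not part of this PR. It assumes the version layout "release.SP.buildtimestamp.patch" seen in the quoted output, uses an all-nines placeholder where the real minimum patched version from SAP Security Note 3604119 would go (the note is not reproduced here), and runs over constructed sample trace lines rather than real SAP output.

```python
"""Added example: VCFRAMEWORK patch-level check and Default Trace scan (not the project's code)."""
import csv
import io
import re
from dataclasses import dataclass

# VCFRAMEWORK.SCA versions as quoted in the PR look like "7.5031.20250418122224.0000":
# release, "50" + two-digit SP level, a 14-digit build timestamp and a 4-digit patch suffix.
VERSION_RE = re.compile(
    r"^(?P<release>\d+)\.(?P<sp>\d+)\.(?P<build>\d{14})\.(?P<patch>\d{4})$"
)

# PLACEHOLDER: the real minimum patched version comes from SAP Security Note 3604119,
# which this example does not reproduce; an all-nines build stamp stands in for it.
PLACEHOLDER_MIN_PATCHED = "7.5031.99999999999999.0000"

# Both markers named in the PR's updated detection message must appear in a trace line.
DESER_MARKERS = ("devserver_metadataupload_ear", "getOutputProperties")

# Constructed sample Java Default Trace lines (not real SAP output).
SAMPLE_TRACE_LINES = [
    "2025-05-15 16:29:58 INFO  com.sap.portal.prt Request served in 12 ms",
    "2025-05-15 16:30:11 ERROR devserver_metadataupload_ear: exception in "
    "getOutputProperties while processing uploaded metadata",
    "2025-05-15 16:30:12 WARN  devserver_metadataupload_ear: upload size exceeds limit",
]


@dataclass(frozen=True, order=True)
class VcVersion:
    """Fields compared in declaration order: release, SP, build timestamp, patch."""
    release: int
    sp: int
    build: str  # 14-digit timestamp; lexicographic order equals chronological order
    patch: int


def parse_vc_version(text: str) -> VcVersion:
    """Split a VCFRAMEWORK version string into comparable fields."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised VCFRAMEWORK version: {text!r}")
    return VcVersion(int(m["release"]), int(m["sp"]), m["build"], int(m["patch"]))


def is_patched(detected: str, minimum: str = PLACEHOLDER_MIN_PATCHED) -> bool:
    """True when the detected version is at or above the minimum patched version."""
    return parse_vc_version(detected) >= parse_vc_version(minimum)


def find_deserialization_attempts(lines):
    """Return the trace lines that carry every marker from the detection message."""
    return [line for line in lines if all(marker in line for marker in DESER_MARKERS)]


def export_csv(hits) -> str:
    """Serialise matched lines as CSV text (the PR writes this to a trace_events_*.csv file)."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["line_no", "trace_line"])
    for n, line in enumerate(hits, 1):
        writer.writerow([n, line])
    return buf.getvalue()


def build_report(detected_version: str, trace_lines, minimum: str = PLACEHOLDER_MIN_PATCHED):
    """Compose the two report sections from the PR as a list of finding strings."""
    findings = []
    if not is_patched(detected_version, minimum):
        findings.append(
            "[CRITICAL] Unpatched VCFRAMEWORK Component found: Vulnerable Version Present\n"
            f"Detected component version: {detected_version}"
        )
    hits = find_deserialization_attempts(trace_lines)
    if hits:
        findings.append(
            "[CRITICAL] Exploitation Activity detected in Java Default Trace log\n"
            f"{len(hits)} line(s) reference 'devserver_metadataupload_ear' and 'getOutputProperties'"
        )
    return findings


if __name__ == "__main__":
    for finding in build_report("7.5031.20250418122224.0000", SAMPLE_TRACE_LINES):
        print(finding, end="\n\n")
    print(export_csv(find_deserialization_attempts(SAMPLE_TRACE_LINES)))
```

Comparing the parsed tuple rather than the raw string matters because a plain string comparison would rank "7.5031..." above "7.5100..." only by accident of digit width; the build timestamp is kept as a fixed-width string so that lexicographic order is chronological. Replace PLACEHOLDER_MIN_PATCHED with the patch level from the SAP note for the relevant Support Package before using the check.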

* Add final report section for vulnerable component patch version check
* Update "Insecure Deserialization attempt" detection message in Java Default Trace log

Reference: https://me.sap.com/notes/3605597
@reingart reingart merged commit 5e75d43 into main May 16, 2025
3 checks passed