6.5
CVE-2023-29185
- EPSS 0.23%
- Veröffentlicht 11.04.2023 04:16:08
- Zuletzt bearbeitet 21.11.2024 07:56:40
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver As Abap Business Server Pages Version700
SAP ≫ Netweaver As Abap Business Server Pages Version701
SAP ≫ Netweaver As Abap Business Server Pages Version702
SAP ≫ Netweaver As Abap Business Server Pages Version731
SAP ≫ Netweaver As Abap Business Server Pages Version740
SAP ≫ Netweaver As Abap Business Server Pages Version750
SAP ≫ Netweaver As Abap Business Server Pages Version751
SAP ≫ Netweaver As Abap Business Server Pages Version752
SAP ≫ Netweaver As Abap Business Server Pages Version753
SAP ≫ Netweaver As Abap Business Server Pages Version754
SAP ≫ Netweaver As Abap Business Server Pages Version755
SAP ≫ Netweaver As Abap Business Server Pages Version756
SAP ≫ Netweaver As Abap Business Server Pages Version757
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.457 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| cna@sap.com | 5.3 | 1.6 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.