7.4

CVE-2023-35874

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Data is provided by the National Vulnerability Database (NVD)
SAPNetweaver Application Server Abap Versionkernel_7.22
SAPNetweaver Application Server Abap Versionkernel_7.53
SAPNetweaver Application Server Abap Versionkernel_7.54
SAPNetweaver Application Server Abap Versionkernel_7.77
SAPNetweaver Application Server Abap Versionkernel_7.81
SAPNetweaver Application Server Abap Versionkernel_7.85
SAPNetweaver Application Server Abap Versionkernel_7.89
SAPNetweaver Application Server Abap Versionkernel_7.92
SAPNetweaver Application Server Abap Versionkernel_7.93
SAPNetweaver Application Server Abap Versionkrnl64nuc_7.22
SAPNetweaver Application Server Abap Versionkrnl64nuc_7.22ext
SAPNetweaver Application Server Abap Versionkrnl64uc_7.22
SAPNetweaver Application Server Abap Versionkrnl64uc_7.22ext
SAPNetweaver Application Server Abap Versionkrnl64uc_7.53
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.286
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.4 3.1 3.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
cna@sap.com 6 1.8 3.7
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://me.sap.com/notes/3318850
Permissions Required