7.4
CVE-2023-35874
- EPSS 0.14%
- Veröffentlicht 11.07.2023 03:15:10
- Zuletzt bearbeitet 21.11.2024 08:08:53
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginImproper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Versionkernel_7.22
SAP ≫ Netweaver Application Server Abap Versionkernel_7.53
SAP ≫ Netweaver Application Server Abap Versionkernel_7.54
SAP ≫ Netweaver Application Server Abap Versionkernel_7.77
SAP ≫ Netweaver Application Server Abap Versionkernel_7.81
SAP ≫ Netweaver Application Server Abap Versionkernel_7.85
SAP ≫ Netweaver Application Server Abap Versionkernel_7.89
SAP ≫ Netweaver Application Server Abap Versionkernel_7.92
SAP ≫ Netweaver Application Server Abap Versionkernel_7.93
SAP ≫ Netweaver Application Server Abap Versionkrnl64nuc_7.22
SAP ≫ Netweaver Application Server Abap Versionkrnl64nuc_7.22ext
SAP ≫ Netweaver Application Server Abap Versionkrnl64uc_7.22
SAP ≫ Netweaver Application Server Abap Versionkrnl64uc_7.22ext
SAP ≫ Netweaver Application Server Abap Versionkrnl64uc_7.53
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.33 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 3.1 | 3.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
|
| cna@sap.com | 6 | 1.8 | 3.7 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.