6.5

CVE-2023-37492

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.

Data is provided by the National Vulnerability Database (NVD)
SAP Netweaver Application Server Abap, Version 700, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 701, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 702, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 731, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 740, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 750, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 752, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 753, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 754, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 755, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 756, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 757, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 758, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 793, SwEdition sap_basis
SAP Netweaver Application Server Abap, Version 804, SwEdition sap_basis
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.09% | 0.261
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cna@sap.com | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.