9.8
CVE-2023-40309
- EPSS 0.16%
- Published 12.09.2023 03:15:12
- Last modified 21.11.2024 08:19:12
- Source cna@sap.com
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
Data provided by the National Vulnerability Database (NVD)
SAP ≫ Commoncryptolib Version 8.0.0
SAP ≫ Content Server Version 6.50
SAP ≫ Content Server Version 7.53
SAP ≫ Content Server Version 7.54
SAP ≫ Extended Application Services And Runtime Version 1.0
SAP ≫ Hana Database Version 2.0
SAP ≫ Host Agent Version 722
SAP ≫ Netweaver Application Server Abap Version 7.22ext
SAP ≫ Netweaver Application Server Abap Version kernel_7.22
SAP ≫ Netweaver Application Server Abap Version kernel_7.53
SAP ≫ Netweaver Application Server Abap Version kernel_7.54
SAP ≫ Netweaver Application Server Abap Version kernel_7.77
SAP ≫ Netweaver Application Server Abap Version kernel_7.85
SAP ≫ Netweaver Application Server Abap Version kernel_7.89
SAP ≫ Netweaver Application Server Abap Version kernel_7.91
SAP ≫ Netweaver Application Server Abap Version kernel_7.92
SAP ≫ Netweaver Application Server Abap Version kernel_7.93
SAP ≫ Netweaver Application Server Abap Version kernel_8.04
SAP ≫ Netweaver Application Server Abap Version kernel64nuc_7.22
SAP ≫ Netweaver Application Server Abap Version kernel64nuc_7.22ext
SAP ≫ Netweaver Application Server Abap Version kernel64uc_7.22
SAP ≫ Netweaver Application Server Abap Version kernel64uc_7.22ext
SAP ≫ Netweaver Application Server Abap Version kernel64uc_7.53
SAP ≫ Netweaver Application Server Abap Version kernel64uc_8.04
SAP ≫ Netweaver Application Server Java Version kernel_7.22
SAP ≫ Netweaver Application Server Java Version kernel_7.53
SAP ≫ Netweaver Application Server Java Version kernel_7.54
SAP ≫ Netweaver Application Server Java Version kernel_7.77
SAP ≫ Netweaver Application Server Java Version kernel_7.85
SAP ≫ Netweaver Application Server Java Version kernel_7.89
SAP ≫ Netweaver Application Server Java Version kernel_7.91
SAP ≫ Netweaver Application Server Java Version kernel_7.92
SAP ≫ Netweaver Application Server Java Version kernel_7.93
SAP ≫ Netweaver Application Server Java Version kernel_8.04
SAP ≫ Netweaver Application Server Java Version kernel64nuc_7.22
SAP ≫ Netweaver Application Server Java Version kernel64nuc_7.22ext
SAP ≫ Netweaver Application Server Java Version kernel64uc_7.22
SAP ≫ Netweaver Application Server Java Version kernel64uc_7.22ext
SAP ≫ Netweaver Application Server Java Version kernel64uc_7.53
SAP ≫ Netweaver Application Server Java Version kernel64uc_8.04
SAP ≫ Web Dispatcher Version 7.22ext
SAP ≫ Web Dispatcher Version 7.53
SAP ≫ Web Dispatcher Version 7.54
SAP ≫ Web Dispatcher Version 7.77
SAP ≫ Web Dispatcher Version 7.85
SAP ≫ Web Dispatcher Version 7.89
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.16% | 0.38 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
cna@sap.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.