Lucene search

[email protected]CVE-2023-35874

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-35874

2023-07-1103:15:10

CWE-287

[email protected]

web.nvd.nist.gov

sap

netweaver

application server

abap

abap platform

krnl64nuc

krnl64uc

kernel

cve-2023-35874

authentication

network security

vulnerability

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

27.6%

JSON

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Affected configurations

NVD

Node

sapnetweaver_application_server_abapMatchkernel_7.22

sapnetweaver_application_server_abapMatchkernel_7.53

sapnetweaver_application_server_abapMatchkernel_7.54

sapnetweaver_application_server_abapMatchkernel_7.77

sapnetweaver_application_server_abapMatchkernel_7.81

sapnetweaver_application_server_abapMatchkernel_7.85

sapnetweaver_application_server_abapMatchkernel_7.89

sapnetweaver_application_server_abapMatchkernel_7.92

sapnetweaver_application_server_abapMatchkernel_7.93

sapnetweaver_application_server_abapMatchkrnl64nuc_7.22

sapnetweaver_application_server_abapMatchkrnl64nuc_7.22ext

sapnetweaver_application_server_abapMatchkrnl64uc_7.22

sapnetweaver_application_server_abapMatchkrnl64uc_7.22ext

sapnetweaver_application_server_abapMatchkrnl64uc_7.53

CPENameOperatorVersion
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.22
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.53
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.54
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.77
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.81
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.85
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.89
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.92
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.93
sap:netweaver_application_server_abapsap netweaver application server abapeqkrnl64nuc_7.22

CPE	Name	Operator	Version
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.22
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.53
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.54
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.77
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.81
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.85
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.89
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.92
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.93
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	krnl64nuc_7.22

Rows per page:

1-10 of 141

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KRNL64NUC 722"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KRNL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.81"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.85"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.89"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.92"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.93"
      }
    ]
  }
]