History: Aug 08, 2023 - 1:15 a.m.

CVE-2023-37492

2023-08-08 01:15:18
CWE-862
web.nvd.nist.gov
Tags: sap, netweaver, abap, platform, version, authorization, vulnerability, cve-2023-37492

CVSS3: 6.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.3%)

SAP NetWeaver Application Server ABAP and ABAP Platform, versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793 and SAP_BASIS 804, do not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information, which can be used in a subsequent serious attack.

Affected configurations

NVD
Node
sap netweaver_application_server_abap Match 700 sap_basis
OR
sap netweaver_application_server_abap Match 701 sap_basis
OR
sap netweaver_application_server_abap Match 702 sap_basis
OR
sap netweaver_application_server_abap Match 731 sap_basis
OR
sap netweaver_application_server_abap Match 740 sap_basis
OR
sap netweaver_application_server_abap Match 750 sap_basis
OR
sap netweaver_application_server_abap Match 752 sap_basis
OR
sap netweaver_application_server_abap Match 753 sap_basis
OR
sap netweaver_application_server_abap Match 754 sap_basis
OR
sap netweaver_application_server_abap Match 755 sap_basis
OR
sap netweaver_application_server_abap Match 756 sap_basis
OR
sap netweaver_application_server_abap Match 757 sap_basis
OR
sap netweaver_application_server_abap Match 758 sap_basis
OR
sap netweaver_application_server_abap Match 793 sap_basis
OR
sap netweaver_application_server_abap Match 804 sap_basis

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 793"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 804"
      }
    ]
  }
]
