CVE-2023-0014

{"id": "CVE-2023-0014", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}]}, "published": "2023-01-10T04:15:09.550", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3089413", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-294"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\n\n\n"}], "lastModified": "2023-11-07T03:59:26.877", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "9A8726A6-2AC2-4282-951F-A71AD03572F0"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "6E783E21-1F2A-44A2-BE1C-770370A6739B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "1E8E6E23-EA96-45D5-BC81-3E5990701AD4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A145BFD2-92C8-46B1-8F72-53F6C37018C2"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A5F121E-49BF-4F08-8623-79DDE0A37B63"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BF066A7-91C2-4B36-9A1B-80B1BC8A3E8D"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A677338F-5955-435C-91FD-CC5C1A387024"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A13006BE-0874-48D6-B8F6-47A117A2AE29"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65C7E312-AC74-4997-995F-74AB2E53B24B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A4DCE73-B47A-4FDA-A96D-C251891C8E07"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AC795F5-1AE7-4B4C-B1DD-DEF46BB4122F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14757DC0-6CAC-4082-B726-719098C2216C"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22ext:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D24E493-7256-4881-9761-D84918EC1D78"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.53:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C060979B-38D0-40FD-B1A1-571F5F7C5E8D"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}