In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3309056 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/3309056 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://launchpad.support.sap.com/#/notes/3309056 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
Information
Published : 2023-04-11 03:15
Updated : 2024-11-21 07:53
NVD link : CVE-2023-27897
Mitre link : CVE-2023-27897
CVE.ORG link : CVE-2023-27897
JSON object : View
Products Affected
sap
- customer_relationship_management
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')