CVE-2023-29108

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://launchpad.support.sap.com/#/notes/3315312	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
https://launchpad.support.sap.com/#/notes/3315312	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:abap_platform_kernel:7.85:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.89:::::::*
	cpe:2.3:a:sap:abap_platform_kernel:7.91:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

History

21 Nov 2024, 07:56

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 5.0
References	~~() https://launchpad.support.sap.com/#/notes/3315312 - Permissions Required~~	() https://launchpad.support.sap.com/#/notes/3315312 - Permissions Required
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

Information

Published : 2023-04-11 03:15

Updated : 2024-11-21 07:56

NVD link : CVE-2023-29108

Mitre link : CVE-2023-29108

CVE.ORG link : CVE-2023-29108

JSON object : View

Products Affected

sap

abap_platform_kernel
web_dispatcher

CWE

CWE-923

Improper Restriction of Communication Channel to Intended Endpoints

NVD-CWE-noinfo

{"id": "CVE-2023-29108", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-04-11T03:15:07.867", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3315312", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/3315312", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-923"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.\n\n"}], "lastModified": "2024-11-21T07:56:33.820", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B284F5-7F46-4764-8B24-8D4C88E211B8"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EA6FA84-0C5C-457C-99F1-60D89E6BD13C"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DD0218F-2104-414D-B0C1-2EFD5A01A602"}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2"}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}