SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3327896 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Sep 2023, 17:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* |
|
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
References | (MISC) https://me.sap.com/notes/3327896 - Permissions Required, Vendor Advisory | |
First Time |
Sap host Agent
Sap hana Database Sap netweaver Application Server Java Sap content Server Sap Sap extended Application Services And Runtime Sap sapssoext Sap netweaver Application Server Abap Sap commoncryptolib Sap web Dispatcher |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
12 Sep 2023, 11:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 02:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40308
Mitre link : CVE-2023-40308
CVE.ORG link : CVE-2023-40308
JSON object : View
Products Affected
sap
- commoncryptolib
- netweaver_application_server_abap
- web_dispatcher
- netweaver_application_server_java
- sapssoext
- extended_application_services_and_runtime
- host_agent
- content_server
- hana_database
CWE
CWE-476
NULL Pointer Dereference