CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3327896	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:commoncryptolib:8.0.0:::::::*
	cpe:2.3:a:sap:content_server:6.50:::::::*
	cpe:2.3:a:sap:content_server:7.53:::::::*
	cpe:2.3:a:sap:content_server:7.54:::::::*
	cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:::::::*
	cpe:2.3:a:sap:hana_database:2.0:::::::*
	cpe:2.3:a:sap:host_agent:722:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:sapssoext:17.0:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.22ext:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.53:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.54:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.77:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

History

15 Sep 2023, 17:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:::::::* cpe:2.3:a:sap:web_dispatcher:7.89:::::::* cpe:2.3:a:sap:web_dispatcher:7.53:::::::* cpe:2.3:a:sap:sapssoext:17.0:::::::* cpe:2.3:a:sap:web_dispatcher:7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:::::::* cpe:2.3:a:sap:web_dispatcher:7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:::::::* cpe:2.3:a:sap:host_agent:722:::::::* cpe:2.3:a:sap:web_dispatcher:7.77:::::::* cpe:2.3:a:sap:hana_database:2.0:::::::* cpe:2.3:a:sap:content_server:7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:::::::* cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:::::::* cpe:2.3:a:sap:content_server:7.54:::::::* cpe:2.3:a:sap:commoncryptolib:8.0.0:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:::::::* cpe:2.3:a:sap:content_server:6.50:::::::* cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
References	~~(MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html -~~	(MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
References	~~(MISC) https://me.sap.com/notes/3327896 -~~	(MISC) https://me.sap.com/notes/3327896 - Permissions Required, Vendor Advisory
First Time		Sap host Agent Sap hana Database Sap netweaver Application Server Java Sap content Server Sap Sap extended Application Services And Runtime Sap sapssoext Sap netweaver Application Server Abap Sap commoncryptolib Sap web Dispatcher
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5

12 Sep 2023, 11:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-12 02:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-40308

Mitre link : CVE-2023-40308

CVE.ORG link : CVE-2023-40308

JSON object : View

Products Affected

sap

commoncryptolib
netweaver_application_server_abap
web_dispatcher
netweaver_application_server_java
sapssoext
extended_application_services_and_runtime
host_agent
content_server
hana_database

CWE

CWE-476

NULL Pointer Dereference

7.5 /10