SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3340576 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Sep 2023, 17:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://me.sap.com/notes/3340576 - Permissions Required, Vendor Advisory | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
CPE | cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* |
|
First Time |
Sap host Agent
Sap hana Database Sap netweaver Application Server Java Sap content Server Sap Sap extended Application Services And Runtime Sap sapssoext Sap netweaver Application Server Abap Sap commoncryptolib Sap web Dispatcher |
12 Sep 2023, 11:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 03:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-40309
Mitre link : CVE-2023-40309
CVE.ORG link : CVE-2023-40309
JSON object : View
Products Affected
sap
- commoncryptolib
- netweaver_application_server_abap
- web_dispatcher
- netweaver_application_server_java
- sapssoext
- extended_application_services_and_runtime
- host_agent
- content_server
- hana_database
CWE
CWE-862
Missing Authorization