CVE-2023-0014
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 701 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 702 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 710 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 711 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 730 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 731 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 740 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 750 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 751 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 752 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 753 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 754 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 755 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 756 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | SAP_BASIS 757 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.22 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.53 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.77 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.81 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.85 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KERNEL 7.89 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KRNL64UC 7.22 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KRNL64UC 7.22EXT | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KRNL64UC 7.53 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KRNL64NUC 7.22 | affected |
| SAP | NetWeaver ABAP Server and ABAP Platform | KRNL64NUC 7.22EXT | affected |
Weaknesses
- CWE-294: CWE-294 Authentication Bypass by Capture-replay
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/3089413
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://launchpad.support.sap.com/#/notes/3089413
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.