CVE-2023-0014

Summary

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 701affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 702affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 710affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 711affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 730affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 731affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 740affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 750affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 751affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 752affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 753affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 754affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 755affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 756affected
SAPNetWeaver ABAP Server and ABAP PlatformSAP_BASIS 757affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.22affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.53affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.77affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.81affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.85affected
SAPNetWeaver ABAP Server and ABAP PlatformKERNEL 7.89affected
SAPNetWeaver ABAP Server and ABAP PlatformKRNL64UC 7.22affected
SAPNetWeaver ABAP Server and ABAP PlatformKRNL64UC 7.22EXTaffected
SAPNetWeaver ABAP Server and ABAP PlatformKRNL64UC 7.53affected
SAPNetWeaver ABAP Server and ABAP PlatformKRNL64NUC 7.22affected
SAPNetWeaver ABAP Server and ABAP PlatformKRNL64NUC 7.22EXTaffected

Weaknesses

  • CWE-294: CWE-294 Authentication Bypass by Capture-replay

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References