CVE-2023-23854

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS ABAP and ABAP Platform700affected
SAPNetWeaver AS ABAP and ABAP Platform701affected
SAPNetWeaver AS ABAP and ABAP Platform702affected
SAPNetWeaver AS ABAP and ABAP Platform731affected
SAPNetWeaver AS ABAP and ABAP Platform740affected
SAPNetWeaver AS ABAP and ABAP Platform750affected
SAPNetWeaver AS ABAP and ABAP Platform751affected
SAPNetWeaver AS ABAP and ABAP Platform752affected

Weaknesses

  • CWE-862: CWE-862 Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References