CVE-2023-25618

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform700affected
SAPNetWeaver AS for ABAP and ABAP Platform701affected
SAPNetWeaver AS for ABAP and ABAP Platform702affected
SAPNetWeaver AS for ABAP and ABAP Platform731affected
SAPNetWeaver AS for ABAP and ABAP Platform740affected
SAPNetWeaver AS for ABAP and ABAP Platform750affected
SAPNetWeaver AS for ABAP and ABAP Platform751affected
SAPNetWeaver AS for ABAP and ABAP Platform752affected
SAPNetWeaver AS for ABAP and ABAP Platform753affected
SAPNetWeaver AS for ABAP and ABAP Platform754affected
SAPNetWeaver AS for ABAP and ABAP Platform755affected
SAPNetWeaver AS for ABAP and ABAP Platform756affected
SAPNetWeaver AS for ABAP and ABAP Platform757affected
SAPNetWeaver AS for ABAP and ABAP Platform791affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References