CVE-2023-27270

Summary

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver Application Server for ABAP and ABAP Platform700affected
SAPNetWeaver Application Server for ABAP and ABAP Platform701affected
SAPNetWeaver Application Server for ABAP and ABAP Platform702affected
SAPNetWeaver Application Server for ABAP and ABAP Platform731affected
SAPNetWeaver Application Server for ABAP and ABAP Platform740affected
SAPNetWeaver Application Server for ABAP and ABAP Platform750affected
SAPNetWeaver Application Server for ABAP and ABAP Platform751affected
SAPNetWeaver Application Server for ABAP and ABAP Platform752affected
SAPNetWeaver Application Server for ABAP and ABAP Platform753affected
SAPNetWeaver Application Server for ABAP and ABAP Platform754affected
SAPNetWeaver Application Server for ABAP and ABAP Platform755affected
SAPNetWeaver Application Server for ABAP and ABAP Platform756affected
SAPNetWeaver Application Server for ABAP and ABAP Platform757affected
SAPNetWeaver Application Server for ABAP and ABAP Platform791affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References