CVE-2023-29185

Summary

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP (Business Server Pages)700affected
SAPNetWeaver AS for ABAP (Business Server Pages)701affected
SAPNetWeaver AS for ABAP (Business Server Pages)702affected
SAPNetWeaver AS for ABAP (Business Server Pages)731affected
SAPNetWeaver AS for ABAP (Business Server Pages)740affected
SAPNetWeaver AS for ABAP (Business Server Pages)750affected
SAPNetWeaver AS for ABAP (Business Server Pages)751affected
SAPNetWeaver AS for ABAP (Business Server Pages)752affected
SAPNetWeaver AS for ABAP (Business Server Pages)753affected
SAPNetWeaver AS for ABAP (Business Server Pages)754affected
SAPNetWeaver AS for ABAP (Business Server Pages)755affected
SAPNetWeaver AS for ABAP (Business Server Pages)756affected
SAPNetWeaver AS for ABAP (Business Server Pages)757affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References