CVE-2023-32114

Summary

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver (Change and Transport System)702affected
SAP_SESAP NetWeaver (Change and Transport System)731affected
SAP_SESAP NetWeaver (Change and Transport System)740affected
SAP_SESAP NetWeaver (Change and Transport System)750affected
SAP_SESAP NetWeaver (Change and Transport System)751affected
SAP_SESAP NetWeaver (Change and Transport System)752affected
SAP_SESAP NetWeaver (Change and Transport System)753affected
SAP_SESAP NetWeaver (Change and Transport System)754affected
SAP_SESAP NetWeaver (Change and Transport System)755affected
SAP_SESAP NetWeaver (Change and Transport System)756affected
SAP_SESAP NetWeaver (Change and Transport System)757affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References