CVE-2023-40308

Summary

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP CommonCryptoLib8affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.22affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.53affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.54affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.77affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.85affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.89affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.91affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.92affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.93affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 8.04affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.22affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.22EXTaffected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.53affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 8.04affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64NUC 7.22affected
SAP_SESAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64NUC 7.22EXTaffected
SAP_SESAP Web Dispatcher7.22EXTaffected
SAP_SESAP Web Dispatcher7.53affected
SAP_SESAP Web Dispatcher7.54affected
SAP_SESAP Web Dispatcher7.77affected
SAP_SESAP Web Dispatcher7.85affected
SAP_SESAP Web Dispatcher7.89affected
SAP_SESAP Content Server6.50affected
SAP_SESAP Content Server7.53affected
SAP_SESAP Content Server7.54affected
SAP_SESAP HANA Database2.00affected
SAP_SESAP Host Agent722affected
SAP_SESAP Extended Application Services and Runtime (XSA)SAP_EXTENDED_APP_SERVICES 1affected
SAP_SESAP Extended Application Services and Runtime (XSA)XS_ADVANCED_RUNTIME 1.00affected
SAP_SESAPSSOEXT17affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References