CVE-2023-0014

Published Jan 10, 2023

Last updated a year ago

CVSS critical 9.8

Overview

Description: SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

cna@sap.com: CWE-294

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A8726A6-2AC2-4282-951F-A71AD03572F0"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E783E21-1F2A-44A2-BE1C-770370A6739B"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E8E6E23-EA96-45D5-BC81-3E5990701AD4"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A145BFD2-92C8-46B1-8F72-53F6C37018C2"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A5F121E-49BF-4F08-8623-79DDE0A37B63"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BF066A7-91C2-4B36-9A1B-80B1BC8A3E8D"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A677338F-5955-435C-91FD-CC5C1A387024"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A13006BE-0874-48D6-B8F6-47A117A2AE29"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.89:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65C7E312-AC74-4997-995F-74AB2E53B24B"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A4DCE73-B47A-4FDA-A96D-C251891C8E07"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AC795F5-1AE7-4B4C-B1DD-DEF46BB4122F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14757DC0-6CAC-4082-B726-719098C2216C"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D24E493-7256-4881-9761-D84918EC1D78"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C060979B-38D0-40FD-B1A1-571F5F7C5E8D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References