CVE-2023-35874

Published Jul 11, 2023

Last updated 2 months ago

CVSS high 7.4

Overview

Description: SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.4
Impact score: 3.7
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Severity: HIGH

Weaknesses

cna@sap.com: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C07042F-C47F-441E-AB32-B58A066909E2"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBC44C62-0BFD-4170-B094-C82DEA473938"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D99F18BB-B44E-48B5-BD7C-D20E40915268"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F39863DC-8CF3-4FB9-8FBF-1776791D701F"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A120BC2E-92B2-404A-ADF6-F1AF512631E6"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56F63498-DAC3-40EE-9625-51FA522BA0DB"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104EE65A-202C-4F4E-B725-791A73687167"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0269C487-81F8-4240-BEF8-1A7C33864519"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D5BECF-C4BA-44C7-9AD7-56865DD9AD60"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB7E91DE-A52F-4E57-8397-7670E30C8B5C"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23257C18-B75C-471C-9EAF-1E86DEE845FA"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01290A1-3C1B-4AF7-9284-C164BDEC85A2"
          },
          {
            "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADE160BD-659F-4517-B625-61CFB2FBD456"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References