Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

Published

2023-01-10T04:15:09.550

Last Modified

2024-11-21T07:36:23.730

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Primary
CWE-294

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_application_server_abap	700	Yes
Application	sap	netweaver_application_server_abap	701	Yes
Application	sap	netweaver_application_server_abap	702	Yes
Application	sap	netweaver_application_server_abap	710	Yes
Application	sap	netweaver_application_server_abap	711	Yes
Application	sap	netweaver_application_server_abap	730	Yes
Application	sap	netweaver_application_server_abap	731	Yes
Application	sap	netweaver_application_server_abap	740	Yes
Application	sap	netweaver_application_server_abap	750	Yes
Application	sap	netweaver_application_server_abap	751	Yes
Application	sap	netweaver_application_server_abap	752	Yes
Application	sap	netweaver_application_server_abap	753	Yes
Application	sap	netweaver_application_server_abap	754	Yes
Application	sap	netweaver_application_server_abap	755	Yes
Application	sap	netweaver_application_server_abap	756	Yes
Application	sap	netweaver_application_server_abap	757	Yes
Application	sap	netweaver_application_server_abap_kernel	7.22	Yes
Application	sap	netweaver_application_server_abap_kernel	7.53	Yes
Application	sap	netweaver_application_server_abap_kernel	7.77	Yes
Application	sap	netweaver_application_server_abap_kernel	7.81	Yes
Application	sap	netweaver_application_server_abap_kernel	7.85	Yes
Application	sap	netweaver_application_server_abap_kernel	7.89	Yes
Application	sap	netweaver_application_server_abap_krnl64nuc	7.22	Yes
Application	sap	netweaver_application_server_abap_krnl64nuc	7.22ext	Yes
Application	sap	netweaver_application_server_abap_krnl64uc	7.22	Yes
Application	sap	netweaver_application_server_abap_krnl64uc	7.22ext	Yes
Application	sap	netweaver_application_server_abap_krnl64uc	7.53	Yes

References

https://launchpad.support.sap.com/#/notes/3089413 Permissions Required, Vendor Advisory ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3089413 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)