Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
CVE-2023-35874
Key Information:
- Vendor
- SAP
- Vendor
- CVE Published:
- 11 July 2023
Summary
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.
Affected Version(s)
SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 722
SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 7.22EXT
SAP NetWeaver AS ABAP and ABAP Platform KRNL64UC 7.22
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved