Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
CVE-2023-35874

6MEDIUM

Key Information:

Vendor
SAP
Vendor
CVE Published:
11 July 2023

Summary

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Affected Version(s)

SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 722

SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 7.22EXT

SAP NetWeaver AS ABAP and ABAP Platform KRNL64UC 7.22

References

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.