Improper Authorization check vulnerability in SAP Message Server
CVE-2023-37491

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Message Server
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-37491?

The Access Control List (ACL) in specific versions of the SAP Message Server can be bypassed under certain conditions, allowing authenticated malicious users to infiltrate the network of SAP systems linked to the compromised server. This vulnerability raises serious concerns as it can lead to unauthorized access, enabling potential attackers to read and modify data unlawfully, in addition to risking the availability of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Message Server KERNEL 7.22

SAP Message Server KERNEL 7.53

SAP Message Server KERNEL 7.54

References

https://me.sap.com/notes/3344295

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 6, 2023

JSON

SAP

What is CVE-2023-37491?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.