Improper Authorization check vulnerability in SAP Message Server
CVE-2023-37491

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Message Server
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-37491?

The Access Control List (ACL) in specific versions of the SAP Message Server can be bypassed under certain conditions, allowing authenticated malicious users to infiltrate the network of SAP systems linked to the compromised server. This vulnerability raises serious concerns as it can lead to unauthorized access, enabling potential attackers to read and modify data unlawfully, in addition to risking the availability of the affected systems.

Affected Version(s)

SAP Message Server KERNEL 7.22

SAP Message Server KERNEL 7.53

SAP Message Server KERNEL 7.54

References

https://me.sap.com/notes/3344295

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 6, 2023