Missing Authorization check in SAP CommonCryptoLib
CVE-2023-40309
CVSS 9.8 (Critical)
Key Information:
- Vendor: SAP
- Status: Vendor
- CVE Published: 12 September 2023
What is CVE-2023-40309?
SAP CommonCryptoLib does not perform necessary authentication checks, which can result in missing or improper authorization checks in the applications that rely on it. An authenticated attacker can exploit this to escalate privileges and reach functionality intended for a specific user group, and from there read, modify or delete data that should be restricted to that group. No unauthenticated path is described; the precondition is a valid account on the affected system. Because CommonCryptoLib is a shared library rather than a stand-alone product, the practical remediation is to update the library in every product that bundles it, not only in the products named in the affected list below.
Affected Version(s)
- SAP CommonCryptoLib 8
- SAP Content Server 6.50
- SAP Content Server 7.53