diff --git a/2023/31xxx/CVE-2023-31403.json b/2023/31xxx/CVE-2023-31403.json
index a4cbf1b9ea2..eeb7fcd1035 100644
--- a/2023/31xxx/CVE-2023-31403.json
+++ b/2023/31xxx/CVE-2023-31403.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.\n\n"
+ "value": "SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-863: Incorrect Authorization",
+ "cweId": "CWE-863"
 }
 ]
 }
diff --git a/2023/32xxx/CVE-2023-32114.json b/2023/32xxx/CVE-2023-32114.json
index 1c58c018c56..0fc9cbf8115 100644
--- a/2023/32xxx/CVE-2023-32114.json
+++ b/2023/32xxx/CVE-2023-32114.json
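Review bot: In the second hunk of CVE-2023-31403.json, the new `CWE-863: Incorrect Authorization` covers only half of what the description states, which is that the SMB share lacks proper authentication and authorization checks. CWE-863 describes an authorization check that exists but is wrong; if the share can be reached without any credentials, an authentication weakness such as `CWE-306: Missing Authentication for Critical Function` would be needed as a second problem-type entry, the way this commit adds one for CVE-2023-33990. Moving away from CWE-284 itself is reasonable, since it is a pillar-level entry that CWE mapping guidance discourages. The hunk begins inside the problem-type array, so the enclosing object is not fully visible here.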
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.\n\n"
+ "value": "SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-400: Uncontrolled Resource Consumption",
- "cweId": "CWE-400"
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
 }
 ]
 }
diff --git a/2023/33xxx/CVE-2023-33990.json b/2023/33xxx/CVE-2023-33990.json
index ae4c62926ab..4b2a2aa176c 100644
--- a/2023/33xxx/CVE-2023-33990.json
+++ b/2023/33xxx/CVE-2023-33990.json
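Review bot: The remap from CWE-400 to `CWE-732: Incorrect Permission Assignment for Critical Resource` in the second hunk of CVE-2023-32114.json no longer matches the weakness the description states, which is an admin user repeatedly running a benchmark program to slow down or take down the server. Nothing in the visible text says the benchmark program carries wrong permissions, so anyone triaging or filtering by CWE loses the resource-exhaustion signal. If the vendor's root cause really is a permission assignment, a resource-consumption entry should be kept alongside it as a second problem type, for example `"value": "CWE-770: Allocation of Resources Without Limits or Throttling"`. The same question applies to the CWE-284 to CWE-732 change in CVE-2023-35870.json, whose description is about intercepting and altering a save request rather than about a resource's permissions.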
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAP SQL Anywhere\u00a0- version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted.\n\n"
+ "value": "SAP SQL Anywhere\u00a0- version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a Denial of Service. Further, an attacker might be able to modify sensitive data in shared memory objects.This issue only affects SAP SQL Anywhere on Windows. Other platforms are not impacted."
 }
 ]
 },
@@ -25,6 +25,15 @@
 "cweId": "CWE-732"
 }
 ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-277: Insecure Inherited Permissions",
+ "cweId": "CWE-277"
+ }
+ ]
 }
 ]
 },
diff --git a/2023/35xxx/CVE-2023-35870.json b/2023/35xxx/CVE-2023-35870.json
index 2c705055084..5e34e472f5b 100644
--- a/2023/35xxx/CVE-2023-35870.json
+++ b/2023/35xxx/CVE-2023-35870.json
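Review bot: The entry added in the second hunk of CVE-2023-33990.json, `CWE-277: Insecure Inherited Permissions`, is a more specific child of the `CWE-732` entry that stays in place just above it, so the record now lists a weakness and its own parent as two separate problem types. If CWE-277 is the confirmed root cause, it would be cleaner to replace the CWE-732 entry with it; tools that read only the first problem type would otherwise keep reporting the broader class. The description in the first hunk mentions writable shared memory objects but not inheritance, so the narrower mapping cannot be checked from the text shown here. The enclosing array opens before the hunk.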
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.\n\n"
+ "value": "When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-284: Improper Access Control",
- "cweId": "CWE-284"
+ "value": "CWE-732: Incorrect Permission Assignment for Critical Resource",
+ "cweId": "CWE-732"
 }
 ]
 }
diff --git a/2023/35xxx/CVE-2023-35874.json b/2023/35xxx/CVE-2023-35874.json
index 449c5dba4c7..349149fb211 100644
--- a/2023/35xxx/CVE-2023-35874.json
+++ b/2023/35xxx/CVE-2023-35874.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.\n\n"
+ "value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability."
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-287: Improper Authentication",
- "cweId": "CWE-287"
+ "value": "CWE-306: Missing Authentication for Critical Function",
+ "cweId": "CWE-306"
 }
 ]
 }
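Review bot: `CWE-306: Missing Authentication for Critical Function` in the second hunk of CVE-2023-35874.json does not agree with the description in the first hunk, which says the kernel "performs improper authentication checks" under some conditions. CWE-306 is meant for functionality that has no authentication at all, whereas a check that exists but is flawed or bypassable falls under CWE-287 and its more specific children. Either the description should state that authentication is missing for the affected functionality, or the mapping should be a specific child of CWE-287 that matches the flawed check. Which one is right depends on vendor detail that is not visible in this record.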