2023-09-12 16:00:29 +00:00
{
"id" : "CVE-2023-40309" ,
2023-09-15 18:00:28 +00:00
"sourceIdentifier" : "cna@sap.com" ,
2023-09-12 16:00:29 +00:00
"published" : "2023-09-12T03:15:12.073" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:19:12.560" ,
2024-09-28 23:58:16 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-09-12 16:00:29 +00:00
"descriptions" : [
{
"lang" : "en" ,
2024-09-28 23:58:16 +00:00
"value" : "SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired,\u00a0an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data."
2024-04-04 08:46:00 +00:00
} ,
{
"lang" : "es" ,
"value" : "SAP CommonCryptoLib no realiza las comprobaciones de autenticaci\u00f3n necesarias, lo que puede dar como resultado comprobaciones de autorizaci\u00f3n faltantes o incorrectas para un usuario autenticado, lo que resulta en una escalada de privilegios. Seg\u00fan la aplicaci\u00f3n y el nivel de privilegios adquiridos, un atacante podr\u00eda abusar de la funcionalidad restringida a un grupo de usuarios concreto, as\u00ed como leer, modificar o eliminar datos restringidos."
2023-09-12 16:00:29 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
2024-12-08 03:06:42 +00:00
"source" : "cna@sap.com" ,
"type" : "Secondary" ,
2023-09-15 18:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2023-09-15 18:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-15 18:00:28 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-09-12 16:00:29 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 9.8 ,
"baseSeverity" : "CRITICAL" ,
2023-09-12 16:00:29 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-12 16:00:29 +00:00
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
2023-09-15 18:00:28 +00:00
"source" : "cna@sap.com" ,
2024-12-15 03:03:56 +00:00
"type" : "Primary" ,
2023-09-12 16:00:29 +00:00
"description" : [
{
"lang" : "en" ,
2024-09-28 23:58:16 +00:00
"value" : "CWE-863"
2023-09-12 16:00:29 +00:00
}
]
}
] ,
2023-09-15 18:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "92E07A81-F35C-4BF4-8AB4-E5B3C3D09487"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "85520864-E99A-4576-847C-5E0EA1E6CEC5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A02FB973-7FA0-4881-B912-27F4CFBDC673"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ED7FD33E-6870-48EB-8695-67B9169D1808"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FF475F4D-11D8-401A-BAB8-8A31E81CEEEB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "30B0858F-6AE9-4163-B001-1481FD3AFF9F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6A56308E-B097-49F3-8963-1F34E8716CD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6C07042F-C47F-441E-AB32-B58A066909E2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "DBC44C62-0BFD-4170-B094-C82DEA473938"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D99F18BB-B44E-48B5-BD7C-D20E40915268"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A120BC2E-92B2-404A-ADF6-F1AF512631E6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "56F63498-DAC3-40EE-9625-51FA522BA0DB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "06155DA1-7EDD-4EBA-8EBB-F7352F4EC7D2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "104EE65A-202C-4F4E-B725-791A73687167"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0269C487-81F8-4240-BEF8-1A7C33864519"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "379FDFC8-947E-4D09-A9DD-4B3F7481F648"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7184F3A2-3408-4B7E-BEA6-BBF55909969F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BB2D30A5-DB16-4CB7-8135-3CE106FA5477"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D1657980-CBAC-41AC-A20E-18D7199EA244"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "771ED2D0-3BC5-4C36-BCEB-1A1C46667363"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0F05534F-3D2B-4983-9CC1-3A8BC7D421C8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AE19A598-2F90-4014-AC5B-352FBC154907"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "97EDAAC4-4885-46CE-860A-DDF92FF205C4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4E53E262-A23E-4D99-B2D8-DDCBEED85EA2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F7E61257-B187-4A83-96BD-D53CE11061D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "34E0B493-0860-4074-A383-F9C2A06EA8E9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D338B951-5C8F-4C14-931C-5F8AEA7F5924"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "525603B5-ADDC-4F58-B730-FC748A56D6E1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CA2270AE-437E-4FDE-9F53-690C0BCF9C2E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BD374580-7D80-4D7F-8D89-8F52F2DEA8D4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "59253D09-D58D-4013-8F29-2172C1B83AA8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "21316691-9A18-4B41-915E-491225CEF966"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2BB08C06-0E07-4317-B1AC-C1ECCF931E7A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8692B960-38A9-4035-88F5-C33D15B6A018"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1D9E47FB-D39A-40C3-AEEE-D6A5AE27F063"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "80C5A218-C623-41C5-A001-304046608CF9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "92E7B426-D50F-4AEE-B6F3-5D00C8A195F5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "039A11C9-D9D1-42BC-8DD4-2BCDAAF464CD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "784CA842-6657-4A02-96B0-76A66AC469C9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D3F76E6A-2F27-450C-AAB5-E49A64079CAC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "950DF1E2-990E-41EF-8779-CEC54C7CDC60"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E33D9481-3CF6-4AA3-B115-7903AC6DAE25"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F74EE4D5-E968-4851-89E6-4152F64930F2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "097ED3E8-49B1-497E-BD43-28C397FBEAE8"
}
]
}
]
}
] ,
2023-09-12 16:00:29 +00:00
"references" : [
{
"url" : "https://me.sap.com/notes/3340576" ,
2023-09-15 18:00:28 +00:00
"source" : "cna@sap.com" ,
"tags" : [
"Permissions Required" ,
"Vendor Advisory"
]
2023-09-12 16:00:29 +00:00
} ,
{
"url" : "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" ,
2023-09-15 18:00:28 +00:00
"source" : "cna@sap.com" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://me.sap.com/notes/3340576" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Permissions Required" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-09-12 16:00:29 +00:00
}
]
}
