{ "id": "CVE-2023-35874", "sourceIdentifier": "cna@sap.com", "published": "2023-07-11T03:15:10.050", "lastModified": "2024-11-21T08:08:53.180", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability." } ], "metrics": { "cvssMetricV31": [ { "source": "cna@sap.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "baseScore": 6.0, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 1.8, "impactScore": 3.7 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW" }, "exploitabilityScore": 3.1, "impactScore": 3.7 } ] }, "weaknesses": [ { "source": "cna@sap.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-306" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "6C07042F-C47F-441E-AB32-B58A066909E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "DBC44C62-0BFD-4170-B094-C82DEA473938" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*", "matchCriteriaId": "D99F18BB-B44E-48B5-BD7C-D20E40915268" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81:*:*:*:*:*:*:*", "matchCriteriaId": "F39863DC-8CF3-4FB9-8FBF-1776791D701F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*", "matchCriteriaId": "A120BC2E-92B2-404A-ADF6-F1AF512631E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*", "matchCriteriaId": "56F63498-DAC3-40EE-9625-51FA522BA0DB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*", "matchCriteriaId": "104EE65A-202C-4F4E-B725-791A73687167" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*", "matchCriteriaId": "0269C487-81F8-4240-BEF8-1A7C33864519" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "C2D5BECF-C4BA-44C7-9AD7-56865DD9AD60" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "AB7E91DE-A52F-4E57-8397-7670E30C8B5C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "23257C18-B75C-471C-9EAF-1E86DEE845FA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "A01290A1-3C1B-4AF7-9284-C164BDEC85A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "ADE160BD-659F-4517-B625-61CFB2FBD456" } ] } ] } ], "references": [ { "url": "https://me.sap.com/notes/3318850", "source": "cna@sap.com", "tags": [ "Permissions Required" ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "source": "cna@sap.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://me.sap.com/notes/3318850", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ] }, { "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }