Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-0014

Опубликовано: 10 янв. 2023
Источник: nvd
CVSS3: 9
CVSS3: 9.8
EPSS Низкий

Описание

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.89:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.53:*:*:*:*:*:*:*

EPSS

Процентиль: 61%
0.00412
Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-294

Связанные уязвимости

github логотип

GHSA-44h8-4xm9-fmpv

CVSS3: 9.8
github
около 3 лет назад

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

fstec логотип

BDU:2023-00197

CVSS3: 9
fstec
около 3 лет назад

Уязвимость программного обеспечения разработки и выполнения приложений на языке ABAP SAP NetWeaver Application Server ABAP, связанная с обходом процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к системе

EPSS

Процентиль: 61%
0.00412
Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-294