← Back

CVE-2023-28763

nvd nist
Published: Apr 11, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

Affected (10)

Sap
1 product
Netweaver Application Server Abap
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Application Server Abap
Version 740
Netweaver Application Server Abap
Version 750
Netweaver Application Server Abap
Version 751
Netweaver Application Server Abap
Version 752
Netweaver Application Server Abap
Version 753
Netweaver Application Server Abap
Version 754
Netweaver Application Server Abap
Version 755
Netweaver Application Server Abap
Version 756
Netweaver Application Server Abap
Version 757
Netweaver Application Server Abap
Version 791

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.