← Back

CVE-2023-29185

nvd nist
Published: Apr 11, 2023Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

Affected (13)

Sap
1 product
Netweaver As Abap Business Server Pages
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver As Abap Business Server Pages
Version 700
Netweaver As Abap Business Server Pages
Version 701
Netweaver As Abap Business Server Pages
Version 702
Netweaver As Abap Business Server Pages
Version 731
Netweaver As Abap Business Server Pages
Version 740
Netweaver As Abap Business Server Pages
Version 750
Netweaver As Abap Business Server Pages
Version 751
Netweaver As Abap Business Server Pages
Version 752
Netweaver As Abap Business Server Pages
Version 753
Netweaver As Abap Business Server Pages
Version 754
Netweaver As Abap Business Server Pages
Version 755
Netweaver As Abap Business Server Pages
Version 756
Netweaver As Abap Business Server Pages
Version 757

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.