CVE-2023-35874

Published: Jul 11, 2023Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Exploitability: 3.1 / Impact: 3.7

Source: NVD

Description

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Affected (14)

Products: Sap: Netweaver Application Server Abap

Sap

1 product

Netweaver Application Server Abap

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Abap	Version kernel_7.22
Sap Netweaver Application Server Abap	Version kernel_7.53
Sap Netweaver Application Server Abap	Version kernel_7.54
Sap Netweaver Application Server Abap	Version kernel_7.77
Sap Netweaver Application Server Abap	Version kernel_7.81
Sap Netweaver Application Server Abap	Version kernel_7.85
Sap Netweaver Application Server Abap	Version kernel_7.89
Sap Netweaver Application Server Abap	Version kernel_7.92
Sap Netweaver Application Server Abap	Version kernel_7.93
Sap Netweaver Application Server Abap	Version krnl64nuc_7.22
Sap Netweaver Application Server Abap	Version krnl64nuc_7.22ext
Sap Netweaver Application Server Abap	Version krnl64uc_7.22
Sap Netweaver Application Server Abap	Version krnl64uc_7.22ext
Sap Netweaver Application Server Abap	Version krnl64uc_7.53