SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/3089413 | Permissions Required Vendor Advisory |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 03:59
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. |
09 Feb 2023, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.81:*:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_krnl64nuc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_krnl64uc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.81:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap_kernel:7.22:*:*:*:*:*:*:* |
| First Time |
Sap netweaver Application Server Abap Krnl64nuc
Sap netweaver Application Server Abap Krnl64uc Sap netweaver Application Server Abap Kernel |
13 Jan 2023, 18:02
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sap
Sap netweaver Application Server Abap Sap netweaver As Abap Krnl64uc Sap netweaver As Abap Kernel Sap netweaver As Abap Krnl64nuc |
|
| References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
| References | (MISC) https://launchpad.support.sap.com/#/notes/3089413 - Permissions Required, Vendor Advisory | |
| CPE | cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:* cpe:2.3:a:sap:netweaver_as_abap_kernel:7.81:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
10 Jan 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-01-10 04:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0014
Mitre link : CVE-2023-0014
CVE.ORG link : CVE-2023-0014
JSON object : View
Products Affected
sap
- netweaver_application_server_abap_krnl64nuc
- netweaver_application_server_abap_krnl64uc
- netweaver_application_server_abap_kernel
- netweaver_application_server_abap
CWE
CWE-294
Authentication Bypass by Capture-replay