CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform.  Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:solution_manager:740:*:*:*:*:*:*:*

History

11 Apr 2023, 04:16

Type Values Removed Values Added
Summary An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform.  Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.

29 Mar 2023, 07:32

Type Values Removed Values Added
References (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
References (MISC) https://launchpad.support.sap.com/#/notes/3296476 - (MISC) https://launchpad.support.sap.com/#/notes/3296476 - Permissions Required
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:sap:solution_manager:740:*:*:*:*:*:*:*
First Time Sap
Sap solution Manager

14 Mar 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-14 06:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-27893

Mitre link : CVE-2023-27893

CVE.ORG link : CVE-2023-27893


JSON object : View

Products Affected

sap

  • solution_manager
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')