SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3327896 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Sep 2023, 17:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:* cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:* cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Sap web Dispatcher
Sap Sap netweaver Application Server Java Sap hana Database Sap host Agent Sap netweaver Application Server Abap Sap extended Application Services And Runtime Sap sapssoext Sap content Server Sap commoncryptolib |
|
References | (MISC) https://me.sap.com/notes/3327896 - Permissions Required, Vendor Advisory | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
12 Sep 2023, 11:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 02:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-40308
Mitre link : CVE-2023-40308
CVE.ORG link : CVE-2023-40308
JSON object : View
Products Affected
sap
- host_agent
- commoncryptolib
- extended_application_services_and_runtime
- hana_database
- web_dispatcher
- netweaver_application_server_java
- netweaver_application_server_abap
- sapssoext
- content_server
CWE
CWE-476
NULL Pointer Dereference