CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3327896	Permissions Required Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:commoncryptolib:8.0.0:::::::*
	cpe:2.3:a:sap:content_server:6.50:::::::*
	cpe:2.3:a:sap:content_server:7.53:::::::*
	cpe:2.3:a:sap:content_server:7.54:::::::*
	cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:::::::*
	cpe:2.3:a:sap:hana_database:2.0:::::::*
	cpe:2.3:a:sap:host_agent:722:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:sapssoext:17.0:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.22ext:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.53:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.54:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.77:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

History

15 Sep 2023, 17:10

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:::::::* cpe:2.3:a:sap:web_dispatcher:7.89:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:::::::* cpe:2.3:a:sap:content_server:7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:::::::* cpe:2.3:a:sap:web_dispatcher:7.77:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:::::::* cpe:2.3:a:sap:content_server:6.50:::::::* cpe:2.3:a:sap:commoncryptolib:8.0.0:::::::* cpe:2.3:a:sap:web_dispatcher:7.22ext:::::::* cpe:2.3:a:sap:sapssoext:17.0:::::::* cpe:2.3:a:sap:web_dispatcher:7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:::::::* cpe:2.3:a:sap:web_dispatcher:7.85:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:::::::* cpe:2.3:a:sap:web_dispatcher:7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:::::::* cpe:2.3:a:sap:content_server:7.53:::::::* cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:::::::* cpe:2.3:a:sap:hana_database:2.0:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:::::::* cpe:2.3:a:sap:host_agent:722:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:::::::* cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Sap web Dispatcher Sap Sap netweaver Application Server Java Sap hana Database Sap host Agent Sap netweaver Application Server Abap Sap extended Application Services And Runtime Sap sapssoext Sap content Server Sap commoncryptolib
References	~~(MISC) https://me.sap.com/notes/3327896 -~~	(MISC) https://me.sap.com/notes/3327896 - Permissions Required, Vendor Advisory
References	~~(MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html -~~	(MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

12 Sep 2023, 11:52

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-12 02:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-40308

Mitre link : CVE-2023-40308

CVE.ORG link : CVE-2023-40308

JSON object : View

Products Affected

sap

host_agent
commoncryptolib
extended_application_services_and_runtime
hana_database
web_dispatcher
netweaver_application_server_java
netweaver_application_server_abap
sapssoext
content_server

CWE

CWE-476

NULL Pointer Dereference

7.5 /10