CVE-2023-0014 CRITICAL

CVE-2023-0014: Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Weakness CWE-294

Published January 10, 2023

Last update April 9, 2025

View on NVD All CVEs

CVSS base score

9.0/10

Attack vector Network

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

Key dates

02Disclosure timeline

January 10, 2023 CVE published

April 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0014 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/294.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0014

CWE CWE-294

CVSS 9.0 / CRITICAL

Affected versions

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 701

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 702

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 710

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 711

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 730

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 731

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 740

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 750

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 751

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 752

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 753

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 754

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 755

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 756

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected SAP_BASIS 757

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.22

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.53

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.77

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.81

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.85

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KERNEL 7.89

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KRNL64UC 7.22

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KRNL64UC 7.22EXT

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KRNL64UC 7.53

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KRNL64NUC 7.22

Vendor Sap

Product NetWeaver ABAP Server and ABAP Platform

Affected KRNL64NUC 7.22EXT

CVE-2023-0014: Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

01Description

02Disclosure timeline

03References

04Related CVE