CVE-2023-35874 MEDIUM

CVE-2023-35874: Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

Vendor Sap_Se
Product SAP NetWeaver AS ABAP and ABAP Platform
Weakness CWE-306 · Missing auth
Published July 11, 2023
Last update October 23, 2024

CVSS base score

6.0/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

SAP NetWeaver Application Server ABAP and ABAP Platform, versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Key dates

02 Disclosure timeline

July 11, 2023 CVE published
October 23, 2024 Record updated