Vulnerability-Lookup

CVE-2023-40308 (GCVE-0-2023-40308)

Vulnerability from cvelistv5 – Published: 2023-09-12 01:21 – Updated: 2024-09-26 18:22

Title

Memory Corruption vulnerability in SAP CommonCryptoLib

Summary

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

sap

References

URL

GHSA-QR3G-7VMG-24HH

Vulnerability from github – Published: 2023-09-15 18:30 – Updated: 2024-09-26 21:31

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-40308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T02:15:12Z",
    "severity": "HIGH"
  },
  "details": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n",
  "id": "GHSA-qr3g-7vmg-24hh",
  "modified": "2024-09-26T21:31:10Z",
  "published": "2023-09-15T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40308"
    },
    {
      "type": "WEB",
      "url": "https://me.sap.com/notes/3327896"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-40308

Vulnerability from fstec - Published: 11.09.2023

Title

Уязвимость библиотеки SAP CommonCryptoLib, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость библиотеки SAP CommonCryptoLib связана с ошибками разыменования указателей. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

SAP

Software Name

HANA Database, SAP HANA Extended Application Services, SAP Content Server, SAP Web Dispatcher, SAP NetWeaver Application Server, SAP Host Agent, SAP CommonCryptoLib, SAP NetWeaver Java Application Server, SAPSSOEXT

Software Version

2.00 (HANA Database), 1.0 (SAP HANA Extended Application Services), 7.53 (SAP Content Server), 7.53 (SAP Web Dispatcher), 7.77 (SAP Web Dispatcher), 7.85 (SAP Web Dispatcher), 7.22EXT (SAP Web Dispatcher), 7.54 (SAP Web Dispatcher), 7.89 (SAP Web Dispatcher), kernel 7.22 (SAP NetWeaver Application Server), kernel 7.53 (SAP NetWeaver Application Server), kernel 7.54 (SAP NetWeaver Application Server), kernel 7.77 (SAP NetWeaver Application Server), kernel 7.85 (SAP NetWeaver Application Server), kernel 7.89 (SAP NetWeaver Application Server), kernel 7.92 (SAP NetWeaver Application Server), kernel 7.93 (SAP NetWeaver Application Server), krnl64nuc 7.22 (SAP NetWeaver Application Server), krnl64nuc 7.22ext (SAP NetWeaver Application Server), krnl64uc 7.22 (SAP NetWeaver Application Server), krnl64uc 7.22ext (SAP NetWeaver Application Server), krnl64uc 7.53 (SAP NetWeaver Application Server), 7.22 (SAP Host Agent), 8.0.0 (SAP CommonCryptoLib), 6.50 (SAP Content Server), 7.54 (SAP Content Server), krnl64uc 8.04 (SAP NetWeaver Application Server), kernel 7.91 (SAP NetWeaver Application Server), kernel 8.04 (SAP NetWeaver Application Server), krnl64nuc 7.22 (SAP NetWeaver Java Application Server), krnl64nuc 7.22ext (SAP NetWeaver Java Application Server), krnl64uc 7.22 (SAP NetWeaver Java Application Server), krnl64uc 7.22ext (SAP NetWeaver Java Application Server), krnl64uc 7.53 (SAP NetWeaver Java Application Server), krnl64uc 8.04 (SAP NetWeaver Java Application Server), kernel 7.22 (SAP NetWeaver Java Application Server), kernel 7.53 (SAP NetWeaver Java Application Server), kernel 7.54 (SAP NetWeaver Java Application Server), kernel 7.77 (SAP NetWeaver Java Application Server), kernel 7.85 (SAP NetWeaver Java Application Server), kernel 7.89 (SAP NetWeaver Java Application Server), kernel 7.91 (SAP NetWeaver Java Application Server), kernel 7.92 (SAP NetWeaver Java Application Server), kernel 7.93 (SAP NetWeaver Java Application Server), kernel 8.04 (SAP NetWeaver Java Application Server), 17.0 (SAPSSOEXT), 7.22ext (SAP NetWeaver Application Server)

Possible Mitigations

Использование рекомендаций: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Reference

https://me.sap.com/notes/3327896 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "SAP",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "2.00 (HANA Database), 1.0 (SAP HANA Extended Application Services), 7.53 (SAP Content Server), 7.53 (SAP Web Dispatcher), 7.77 (SAP Web Dispatcher), 7.85 (SAP Web Dispatcher), 7.22EXT (SAP Web Dispatcher), 7.54 (SAP Web Dispatcher), 7.89 (SAP Web Dispatcher), kernel 7.22 (SAP NetWeaver Application Server), kernel 7.53 (SAP NetWeaver Application Server), kernel 7.54 (SAP NetWeaver Application Server), kernel 7.77 (SAP NetWeaver Application Server), kernel 7.85 (SAP NetWeaver Application Server), kernel 7.89 (SAP NetWeaver Application Server), kernel 7.92 (SAP NetWeaver Application Server), kernel 7.93 (SAP NetWeaver Application Server), krnl64nuc 7.22 (SAP NetWeaver Application Server), krnl64nuc 7.22ext (SAP NetWeaver Application Server), krnl64uc 7.22 (SAP NetWeaver Application Server), krnl64uc 7.22ext (SAP NetWeaver Application Server), krnl64uc 7.53 (SAP NetWeaver Application Server), 7.22 (SAP Host Agent), 8.0.0 (SAP CommonCryptoLib), 6.50 (SAP Content Server), 7.54 (SAP Content Server), krnl64uc 8.04 (SAP NetWeaver Application Server), kernel 7.91 (SAP NetWeaver Application Server), kernel 8.04 (SAP NetWeaver Application Server), krnl64nuc 7.22 (SAP NetWeaver Java Application Server), krnl64nuc 7.22ext (SAP NetWeaver Java Application Server), krnl64uc 7.22 (SAP NetWeaver Java Application Server), krnl64uc 7.22ext (SAP NetWeaver Java Application Server), krnl64uc 7.53 (SAP NetWeaver Java Application Server), krnl64uc 8.04 (SAP NetWeaver Java Application Server), kernel 7.22 (SAP NetWeaver Java Application Server), kernel 7.53 (SAP NetWeaver Java Application Server), kernel 7.54 (SAP NetWeaver Java Application Server), kernel 7.77 (SAP NetWeaver Java Application Server), kernel 7.85 (SAP NetWeaver Java Application Server), kernel 7.89 (SAP NetWeaver Java Application Server), kernel 7.91 (SAP NetWeaver Java Application Server), kernel 7.92 (SAP NetWeaver Java Application Server), kernel 7.93 (SAP NetWeaver Java Application Server), kernel 8.04 (SAP NetWeaver Java Application Server), 17.0 (SAPSSOEXT), 7.22ext (SAP NetWeaver Application Server)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.09.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "01.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.11.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07394",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-40308",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "HANA Database, SAP HANA Extended Application Services, SAP Content Server, SAP Web Dispatcher, SAP NetWeaver Application Server, SAP Host Agent, SAP CommonCryptoLib, SAP NetWeaver Java Application Server, SAPSSOEXT",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 SAP CommonCryptoLib, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 SAP CommonCryptoLib \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://me.sap.com/notes/3327896\nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0423\u0411\u0414, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTFR-2023-AVI-0737

Vulnerability from certfr_avis - Published: 2023-09-13 - Updated: 2023-09-13

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SAP	N/A	SAP Business Objects Business Intelligence Platform (CMC) versions 420 et 430
SAP	N/A	SAP S/4HANA (Create Single Payment application) versions 100, 101, 102, 103, 104, 105, 106, 107 et 108
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (versions Management System) versions 430
SAP	N/A	SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00
SAP	N/A	SAP NetWeaver Process Integration versions 7.50
SAP	N/A	SAPHANA Database versions 2.0
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (Promotion Management) versions 420 et 430
SAP	N/A	SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89
SAP	N/A	S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106 et 107
SAP	N/A	SAP Business Client versions 6.5, 7.0 et 7.70
SAP	N/A	SAP NetWeaver AS ABAP (applications based on Unified Rendering) versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702 et SAP_BASIS 731
SAP	N/A	SAP NetWeaver (Guided Procedures) versions 7.50
SAP	N/A	SAPUI5 versions SAP_UI 750, SAP_UI 753, SAP_UI 754, SAP_UI 755, SAP_UI 756 et UI_700 200
SAP	N/A	SAPSSOEXT versions 17
SAP	N/A	Product-SAP BusinessObjects Suite (Installer) versions 420 et 430
SAP	N/A	SAP Quotation Management Insurance (FS-QUO) versions 400, 510, 700 et 800
SAP	N/A	SAP S/4HANA (Manage Catalog Items and Cross-Catalog search) versions S4CORE 103, S4CORE 104, S4CORE 105 et S4CORE 106
SAP	N/A	SAPHost Agent versions 722
SAP	SAP BusinessObjects Business Intelligence	SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) versions 420
SAP	N/A	SAPContent Server versions 6.50, 7.53, 7.54
SAP	N/A	SAP PowerDesignerClient versions 16.7
SAP	N/A	S4 HANA ABAP (Manage checkbook apps) versions 102, 103, 104, 105, 106 et 107
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22 et KERNEL64NUC 7.22EXT

References

Title

Publication Time

GSD-2023-40308

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-40308

Aliases

CVE-2023-40308

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-40308",
    "id": "GSD-2023-40308"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-40308"
      ],
      "details": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n",
      "id": "GSD-2023-40308",
      "modified": "2023-12-13T01:20:43.637604Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2023-40308",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP CommonCryptoLib",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "8"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.54"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.77"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.85"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.89"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.91"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.92"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 7.93"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL 8.04"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64UC 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64UC 7.22EXT"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64UC 7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64UC 8.04"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64NUC 7.22"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "KERNEL64NUC 7.22EXT"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Web Dispatcher",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.22EXT"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.54"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.77"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.85"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.89"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Content Server",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "6.50"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.53"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "7.54"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP HANA Database",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.00"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Host Agent",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "722"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Extended Application Services and Runtime (XSA)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "SAP_EXTENDED_APP_SERVICES 1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "XS_ADVANCED_RUNTIME 1.00"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAPSSOEXT",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "17"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP_SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-476",
                "lang": "eng",
                "value": "CWE-476: Pointer Dereference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://me.sap.com/notes/3327896",
            "refsource": "MISC",
            "url": "https://me.sap.com/notes/3327896"
          },
          {
            "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
            "refsource": "MISC",
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2023-40308"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-476"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://me.sap.com/notes/3327896",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://me.sap.com/notes/3327896"
            },
            {
              "name": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-09-15T17:10Z",
      "publishedDate": "2023-09-12T02:15Z"
    }
  }
}

FKIE_CVE-2023-40308

Vulnerability from fkie_nvd - Published: 2023-09-12 02:15 - Updated: 2024-11-21 08:19

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cna@sap.com	https://me.sap.com/notes/3327896	Permissions Required, Vendor Advisory
cna@sap.com	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://me.sap.com/notes/3327896	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	commoncryptolib	8.0.0
sap	content_server	6.50
sap	content_server	7.53
sap	content_server	7.54
sap	extended_application_services_and_runtime	1.0
sap	hana_database	2.0
sap	host_agent	722
sap	netweaver_application_server_abap	7.22ext
sap	netweaver_application_server_abap	kernel_7.22
sap	netweaver_application_server_abap	kernel_7.53
sap	netweaver_application_server_abap	kernel_7.54
sap	netweaver_application_server_abap	kernel_7.77
sap	netweaver_application_server_abap	kernel_7.85
sap	netweaver_application_server_abap	kernel_7.89
sap	netweaver_application_server_abap	kernel_7.91
sap	netweaver_application_server_abap	kernel_7.92
sap	netweaver_application_server_abap	kernel_7.93
sap	netweaver_application_server_abap	kernel_8.04
sap	netweaver_application_server_abap	kernel64nuc_7.22
sap	netweaver_application_server_abap	kernel64nuc_7.22ext
sap	netweaver_application_server_abap	kernel64uc_7.22
sap	netweaver_application_server_abap	kernel64uc_7.22ext
sap	netweaver_application_server_abap	kernel64uc_7.53
sap	netweaver_application_server_abap	kernel64uc_8.04
sap	netweaver_application_server_java	kernel_7.22
sap	netweaver_application_server_java	kernel_7.53
sap	netweaver_application_server_java	kernel_7.54
sap	netweaver_application_server_java	kernel_7.77
sap	netweaver_application_server_java	kernel_7.85
sap	netweaver_application_server_java	kernel_7.89
sap	netweaver_application_server_java	kernel_7.91
sap	netweaver_application_server_java	kernel_7.92
sap	netweaver_application_server_java	kernel_7.93
sap	netweaver_application_server_java	kernel_8.04
sap	netweaver_application_server_java	kernel64nuc_7.22
sap	netweaver_application_server_java	kernel64nuc_7.22ext
sap	netweaver_application_server_java	kernel64uc_7.22
sap	netweaver_application_server_java	kernel64uc_7.22ext
sap	netweaver_application_server_java	kernel64uc_7.53
sap	netweaver_application_server_java	kernel64uc_8.04
sap	sapssoext	17.0
sap	web_dispatcher	7.22ext
sap	web_dispatcher	7.53
sap	web_dispatcher	7.54
sap	web_dispatcher	7.77
sap	web_dispatcher	7.85
sap	web_dispatcher	7.89

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E07A81-F35C-4BF4-8AB4-E5B3C3D09487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "85520864-E99A-4576-847C-5E0EA1E6CEC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02FB973-7FA0-4881-B912-27F4CFBDC673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7FD33E-6870-48EB-8695-67B9169D1808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF475F4D-11D8-401A-BAB8-8A31E81CEEEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30B0858F-6AE9-4163-B001-1481FD3AFF9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A56308E-B097-49F3-8963-1F34E8716CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C07042F-C47F-441E-AB32-B58A066909E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBC44C62-0BFD-4170-B094-C82DEA473938",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99F18BB-B44E-48B5-BD7C-D20E40915268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "A120BC2E-92B2-404A-ADF6-F1AF512631E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "56F63498-DAC3-40EE-9625-51FA522BA0DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "06155DA1-7EDD-4EBA-8EBB-F7352F4EC7D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "104EE65A-202C-4F4E-B725-791A73687167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "0269C487-81F8-4240-BEF8-1A7C33864519",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7184F3A2-3408-4B7E-BEA6-BBF55909969F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB2D30A5-DB16-4CB7-8135-3CE106FA5477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1657980-CBAC-41AC-A20E-18D7199EA244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "771ED2D0-3BC5-4C36-BCEB-1A1C46667363",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F05534F-3D2B-4983-9CC1-3A8BC7D421C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE19A598-2F90-4014-AC5B-352FBC154907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "97EDAAC4-4885-46CE-860A-DDF92FF205C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E53E262-A23E-4D99-B2D8-DDCBEED85EA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E61257-B187-4A83-96BD-D53CE11061D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E0B493-0860-4074-A383-F9C2A06EA8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "D338B951-5C8F-4C14-931C-5F8AEA7F5924",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "525603B5-ADDC-4F58-B730-FC748A56D6E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2270AE-437E-4FDE-9F53-690C0BCF9C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD374580-7D80-4D7F-8D89-8F52F2DEA8D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "59253D09-D58D-4013-8F29-2172C1B83AA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "21316691-9A18-4B41-915E-491225CEF966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BB08C06-0E07-4317-B1AC-C1ECCF931E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "8692B960-38A9-4035-88F5-C33D15B6A018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D9E47FB-D39A-40C3-AEEE-D6A5AE27F063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C5A218-C623-41C5-A001-304046608CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E7B426-D50F-4AEE-B6F3-5D00C8A195F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "039A11C9-D9D1-42BC-8DD4-2BCDAAF464CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "784CA842-6657-4A02-96B0-76A66AC469C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3F76E6A-2F27-450C-AAB5-E49A64079CAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*",
              "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information."
    },
    {
      "lang": "es",
      "value": "SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se env\u00eda a un puerto abierto, provoca un error de corrupci\u00f3n de memoria en una librer\u00eda, lo que a su vez provoca que el componente de target falle y deje de estar disponible. No hay posibilidad de ver o modificar ninguna informaci\u00f3n."
    }
  ],
  "id": "CVE-2023-40308",
  "lastModified": "2024-11-21T08:19:12.393",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-12T02:15:12.610",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://me.sap.com/notes/3327896"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://me.sap.com/notes/3327896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "cna@sap.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-40308 (GCVE-0-2023-40308)

GHSA-QR3G-7VMG-24HH

CVE-2023-40308

CERTFR-2023-AVI-0737

Solution

GSD-2023-40308

FKIE_CVE-2023-40308

Tags

Sightings

Nomenclature