CVE-2023-0014

CWE-294 | 4 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 0.4% (top 38.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 10, latest update Jun 22

Description

SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 6.0

Affected Packages (2 packages)

NVD: sap/netweaver_application | 23 versions (+22)

🔴 Vulnerability Details (2)

GHSA (2023-01-10): GHSA-44h8-4xm9-fmpv: SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNE
CVEList (2023-01-10): Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

📋 Vendor Advisories (1)

VMware (2023-06-22): VMware vCenter Server updates address multiple memory corruption vulnerabilities (CVE-2023-20892, CVE-2023-20893, CVE-2023-20894, CVE-2023-20895, CVE-2023-20896)
CVE-2023-0014 (CRITICAL CVSS 9.8) | SAP NetWeaver ABAP Server and ABAP | cvebase.io