CVE-2023-23854 — Missing Authorization in SAP Netweaver AS Abap AND Abap Platform

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.8

EPSS

0.3%

top 50.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedFeb 14

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_abap_and_abap_platform8 versions+7

▶NVDsap/netweaver_application8 versions+7

🔴Vulnerability Details

CVEList

CVE-2023-23854: SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorizatio↗2023-02-14

▶

GHSA

GHSA-7gr3-j3pj-wgx8: SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorizatio↗2023-02-14

▶