Severity
4.9 MEDIUM
EPSS
0.5%
top 32.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 14

Description

Due to insufficient input sanitization, SAP ABAP (versions 751, 753, 753, 754, 756, 757, 791) allows an authenticated, highly privileged user to alter the current session of the user by injecting malicious database queries over the network and to gain access to unintended data. This may lead to a high impact on the confidentiality of the application and no impact on its availability and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Exploitability: 2.3 | Impact: 4.0

Affected Packages (2 packages)

CVEListV5: sap/abap_platform (6 versions)
NVD: sap/abap_platform (6 versions)

🔴 Vulnerability Details (2)

CVEList: SQL Injection vulnerability in SAP ABAP Platform (2023-03-14)
GHSA: GHSA-x94j-mc2f-6995: Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter t (2023-03-14)
CVE-2023-25615 (MEDIUM CVSS 4.9) | Due to insufficient input sanitizat | cvebase.io