CVE-2023-25618Uncontrolled Resource Consumption in SAP Netweaver AS FOR Abap AND Abap Platform

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Netweaver AS FOR Abap AND Abap PlatformSAP Netweaver Application Server Abap
Timeline
PublishedMar 14

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDsap/netweaver_application14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-58qr-8g5x-x8w6: SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multi2023-03-14
CVEList
Denial of Service (DoS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform2023-03-14
CVE-2023-25618 — Uncontrolled Resource Consumption | cvebase