CVE-2023-28763

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedApr 11

Description

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_and_abap_platform10 versions+9

▶NVDsap/netweaver_application10 versions+9

🔴Vulnerability Details

GHSA

GHSA-9j88-8w42-xmxg: SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-adm↗2023-04-11

▶

CVEList

Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform↗2023-04-11

▶