CVE-2023-29185

CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.5%

top 32.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap (business Server Pages)SAP Netweaver AS Abap Business Server Pages

Timeline

PublishedApr 11

Description

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_(business_server_pages)13 versions+12

▶NVDsap/netweaver_as_abap_business13 versions+12

🔴Vulnerability Details

CVEList

Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)↗2023-04-11

▶

GHSA

GHSA-c9w5-v8r2-gv7f: SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authe↗2023-04-11

▶