CVE-2023-32114

CWE-732 — Incorrect Permission Assignment CWE-400 — Uncontrolled Resource Consumption3 documents3 sources

Severity

2.7LOW

EPSS

0.1%

top 75.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver (change AND Transport System)SAP Netweaver

Timeline

PublishedJun 13

Description

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_(change_and_transport_system)11 versions+10

▶NVDsap/netweaver11 versions+10

🔴Vulnerability Details

GHSA

GHSA-5fg8-8wg9-97x2: SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin↗2023-06-13

▶

CVEList

Denial of Service in SAP NetWeaver↗2023-06-13

▶