CVE-2023-35874: Missing Authentication for Critical Function in SAP SE NetWeaver AS ABAP and ABAP Platform

Severity
NVD: 7.4 HIGH
CNA: 6.0
EPSS
0.1%
top 67.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 11

Description

SAP NetWeaver Application Server ABAP and ABAP Platform - versions KRNL64NUC 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on co

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Exploitability: 3.1 | Impact: 3.7

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA
GHSA-37c2-5chg-wwj7: SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7 (2023-07-11)
CVEList
Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (2023-07-11)