CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform (versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT) create information about system identity in an ambiguous format. This could lead to a capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.


| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9 CRITICAL | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| sap | CNA | 9 CRITICAL | NETWORK | HIGH | NONE | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |
EPSS Score percentile: 46%

| Vendor | Product | Version |
|---|---|---|
| sap | netweaver_application_server_abap_kernel | 7.22 |
| sap | netweaver_application_server_abap_kernel | 7.53 |
| sap | netweaver_application_server_abap_kernel | 7.77 |
| sap | netweaver_application_server_abap_kernel | 7.81 |
| sap | netweaver_application_server_abap_kernel | 7.85 |
| sap | netweaver_application_server_abap_kernel | 7.89 |
| sap | netweaver_application_server_abap_krnl64nuc | 7.22 |
| sap | netweaver_application_server_abap_krnl64nuc | 7.22ext:ext |
| sap | netweaver_application_server_abap_krnl64uc | 7.22 |
| sap | netweaver_application_server_abap_krnl64uc | 7.22ext:ext |
| sap | netweaver_application_server_abap_krnl64uc | 7.53 |