CVE-2023-0014
Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-12-16 CVE Reserved
- 2023-01-10 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-294: Authentication Bypass by Capture-replay
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 700 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "700" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 701 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "701" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 702 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "702" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 710 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "710" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 711 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "711" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 730 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "730" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 731 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "731" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 740 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "740" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 750 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "750" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 751 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "751" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 752 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "752" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 753 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "753" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 754 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "754" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 755 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "755" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 756 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "756" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 757 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "757" | sap_basis |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.22 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.53 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.77 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.81 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.81" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.85 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Kernel Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" | 7.89 Search vendor "Sap" for product "Netweaver Application Server Abap Kernel" and version "7.89" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Krnl64nuc Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64nuc" | 7.22 Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64nuc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Krnl64nuc Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64nuc" | 7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64nuc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Krnl64uc Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" | 7.22 Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" and version "7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Krnl64uc Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" | 7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Krnl64uc Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" | 7.53 Search vendor "Sap" for product "Netweaver Application Server Abap Krnl64uc" and version "7.53" | - |
Affected
| ||||||