CVE-2023-25615
SQL Injection vulnerability in SAP ABAP Platform
Severity Score: 4.9 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated, highly privileged user to alter the current session of the user by injecting malicious database queries over the network and gain access to unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-02-09 CVE Reserved
- 2023-03-14 CVE Published
- 2024-08-02 CVE Updated
- 2024-10-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-04-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Abap Platform | 751 | - | Affected |
Sap | Abap Platform | 753 | - | Affected |
Sap | Abap Platform | 754 | - | Affected |
Sap | Abap Platform | 756 | - | Affected |
Sap | Abap Platform | 757 | - | Affected |
Sap | Abap Platform | 791 | - | Affected |