CVE-2023-27897
Code Injection vulnerability in SAP CRM
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-07 CVE Reserved
- 2023-04-11 CVE Published
- 2024-08-02 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-04-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Customer Relationship Management Search vendor "Sap" for product "Customer Relationship Management" | 700 Search vendor "Sap" for product "Customer Relationship Management" and version "700" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Customer Relationship Management Search vendor "Sap" for product "Customer Relationship Management" | 701 Search vendor "Sap" for product "Customer Relationship Management" and version "701" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Customer Relationship Management Search vendor "Sap" for product "Customer Relationship Management" | 702 Search vendor "Sap" for product "Customer Relationship Management" and version "702" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Customer Relationship Management Search vendor "Sap" for product "Customer Relationship Management" | 712 Search vendor "Sap" for product "Customer Relationship Management" and version "712" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Customer Relationship Management Search vendor "Sap" for product "Customer Relationship Management" | 713 Search vendor "Sap" for product "Customer Relationship Management" and version "713" | - |
Affected
| ||||||