CVE-2023-40308
Memory Corruption vulnerability in SAP CommonCryptoLib
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se envía a un puerto abierto, provoca un error de corrupción de memoria en una librería, lo que a su vez provoca que el componente de target falle y deje de estar disponible. No hay posibilidad de ver o modificar ninguna información.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-14 CVE Reserved
- 2023-09-12 CVE Published
- 2024-09-26 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-476: NULL Pointer Dereference
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-09-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Commoncryptolib Search vendor "Sap" for product "Commoncryptolib" | 8.0.0 Search vendor "Sap" for product "Commoncryptolib" and version "8.0.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 6.50 Search vendor "Sap" for product "Content Server" and version "6.50" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 7.53 Search vendor "Sap" for product "Content Server" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 7.54 Search vendor "Sap" for product "Content Server" and version "7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Extended Application Services And Runtime Search vendor "Sap" for product "Extended Application Services And Runtime" | 1.0 Search vendor "Sap" for product "Extended Application Services And Runtime" and version "1.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Hana Database Search vendor "Sap" for product "Hana Database" | 2.0 Search vendor "Sap" for product "Hana Database" and version "2.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Host Agent Search vendor "Sap" for product "Host Agent" | 722 Search vendor "Sap" for product "Host Agent" and version "722" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.53 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.54 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.77 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.85 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.89 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.89" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.91 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.91" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.92 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.92" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.93 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.93" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_8.04 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64nuc_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64nuc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64nuc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64nuc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.53 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_8.04 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.53 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.54 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.77 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.85 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.89 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.89" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.91 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.91" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.92 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.92" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.93 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.93" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_8.04 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64nuc_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64nuc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64nuc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64nuc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.53 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_8.04 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sapssoext Search vendor "Sap" for product "Sapssoext" | 17.0 Search vendor "Sap" for product "Sapssoext" and version "17.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.22ext Search vendor "Sap" for product "Web Dispatcher" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.53 Search vendor "Sap" for product "Web Dispatcher" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.54 Search vendor "Sap" for product "Web Dispatcher" and version "7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.77 Search vendor "Sap" for product "Web Dispatcher" and version "7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.85 Search vendor "Sap" for product "Web Dispatcher" and version "7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.89 Search vendor "Sap" for product "Web Dispatcher" and version "7.89" | - |
Affected
| ||||||