CVE-2023-40309
Missing Authorization check in SAP CommonCryptoLib
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
SAP CommonCryptoLib no realiza las comprobaciones de autenticación necesarias, lo que puede dar como resultado comprobaciones de autorización faltantes o incorrectas para un usuario autenticado, lo que resulta en una escalada de privilegios. Según la aplicación y el nivel de privilegios adquiridos, un atacante podría abusar de la funcionalidad restringida a un grupo de usuarios concreto, así como leer, modificar o eliminar datos restringidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-14 CVE Reserved
- 2023-09-12 CVE Published
- 2024-09-28 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-09-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Commoncryptolib Search vendor "Sap" for product "Commoncryptolib" | 8.0.0 Search vendor "Sap" for product "Commoncryptolib" and version "8.0.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 6.50 Search vendor "Sap" for product "Content Server" and version "6.50" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 7.53 Search vendor "Sap" for product "Content Server" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Content Server Search vendor "Sap" for product "Content Server" | 7.54 Search vendor "Sap" for product "Content Server" and version "7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Extended Application Services And Runtime Search vendor "Sap" for product "Extended Application Services And Runtime" | 1.0 Search vendor "Sap" for product "Extended Application Services And Runtime" and version "1.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Hana Database Search vendor "Sap" for product "Hana Database" | 2.0 Search vendor "Sap" for product "Hana Database" and version "2.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Host Agent Search vendor "Sap" for product "Host Agent" | 722 Search vendor "Sap" for product "Host Agent" and version "722" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | 7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.53 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.54 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.77 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.85 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.89 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.89" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.91 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.91" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.92 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.92" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_7.93 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_7.93" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel_8.04 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64nuc_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64nuc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64nuc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64nuc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.22 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_7.53 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Abap Search vendor "Sap" for product "Netweaver Application Server Abap" | kernel64uc_8.04 Search vendor "Sap" for product "Netweaver Application Server Abap" and version "kernel64uc_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.53 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.54 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.77 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.85 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.89 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.89" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.91 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.91" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.92 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.92" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_7.93 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_7.93" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel_8.04 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64nuc_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64nuc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64nuc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64nuc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.22 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.22" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.22ext Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_7.53 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | kernel64uc_8.04 Search vendor "Sap" for product "Netweaver Application Server Java" and version "kernel64uc_8.04" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Sapssoext Search vendor "Sap" for product "Sapssoext" | 17.0 Search vendor "Sap" for product "Sapssoext" and version "17.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.22ext Search vendor "Sap" for product "Web Dispatcher" and version "7.22ext" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.53 Search vendor "Sap" for product "Web Dispatcher" and version "7.53" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.54 Search vendor "Sap" for product "Web Dispatcher" and version "7.54" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.77 Search vendor "Sap" for product "Web Dispatcher" and version "7.77" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.85 Search vendor "Sap" for product "Web Dispatcher" and version "7.85" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Web Dispatcher Search vendor "Sap" for product "Web Dispatcher" | 7.89 Search vendor "Sap" for product "Web Dispatcher" and version "7.89" | - |
Affected
| ||||||