← Volver a CVEs
CVE-2023-40309
CRITICAL9.8
Descripcion
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/12/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
sap:commoncryptolibsap:content_serversap:extended_application_services_and_runtimesap:hana_databasesap:host_agentsap:netweaver_application_server_abapsap:netweaver_application_server_javasap:sapssoextsap:web_dispatcher
Debilidades (CWE)
CWE-863
Referencias
https://me.sap.com/notes/3340576(cna@sap.com)
https://me.sap.com/notes/3340576(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.