← Zuruck zu CVEs
CVE-2023-25615
MEDIUM6.8
Beschreibung
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
CVE Details
CVSS v3.1 Bewertung6.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionNONE
Veroffentlicht3/14/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sap:abap_platform
Schwachen (CWE)
CWE-89CWE-89
Referenzen
https://launchpad.support.sap.com/#/notes/3289844(cna@sap.com)
https://launchpad.support.sap.com/#/notes/3289844(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.