CVE-2023-40309
CRITICAL 9.8
Description
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 9/12/2023
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
sap:commoncryptolib
sap:content_server
sap:extended_application_services_and_runtime
sap:hana_database
sap:host_agent
sap:netweaver_application_server_abap
sap:netweaver_application_server_java
sap:sapssoext
sap:web_dispatcher
Weaknesses (CWE)
CWE-863
References
https://me.sap.com/notes/3340576 (cna@sap.com)
https://me.sap.com/notes/3340576 (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.