SapCVE-2023-25615CVE-2023-25615
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
27.5%
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | abap_platform | 751 | cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:* |
| sap | abap_platform | 753 | cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:* |
| sap | abap_platform | 754 | cpe:2.3:a:sap:abap_platform:754:*:*:*:*:*:*:* |
| sap | abap_platform | 756 | cpe:2.3:a:sap:abap_platform:756:*:*:*:*:*:*:* |
| sap | abap_platform | 757 | cpe:2.3:a:sap:abap_platform:757:*:*:*:*:*:*:* |
| sap | abap_platform | 791 | cpe:2.3:a:sap:abap_platform:791:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "ABAPΒ Platform",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "751"
},
{
"status": "affected",
"version": "753"
},
{
"status": "affected",
"version": "754"
},
{
"status": "affected",
"version": "756"
},
{
"status": "affected",
"version": "757"
},
{
"status": "affected",
"version": "791"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
27.5%