CVE-2023-37491

🗓️ 08 Aug 2023 00:46:40Reported by sapType

CVE-2023-37491 SAP Message Server ACL bypass in KERNEL 7.22, 7.53, 7.54, 7.7

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the SAP Message Server, a software integration platform of SAP NetWeaver, allows attackers to gain read, modify, or delete access to data, or to cause service interruptions.	11 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-37491	8 Aug 202307:13	–	circl
CNNVD	SAP Message Server 授权问题漏洞	8 Aug 202300:00	–	cnnvd
CNVD	SAP Message Server Authorization Issues Vulnerability	11 Aug 202300:00	–	cnvd
Cvelist	CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server	8 Aug 202300:46	–	cvelist
EUVD	EUVD-2023-41378	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	9 Aug 202300:00	–	ncsc
NVD	CVE-2023-37491	8 Aug 202301:15	–	nvd
OSV	CVE-2023-37491	8 Aug 202301:15	–	osv
Prion	Code injection	8 Aug 202301:15	–	prion

NVD

Vulners

Node

sap message_serverMatchkernel_7.22

sap message_serverMatchkernel_7.53

sap message_serverMatchkernel_7.54

sap message_serverMatchkernel_7.77

sap message_serverMatchkrnl64nuc_7.22

sap message_serverMatchkrnl64nuc_7.22ex

sap message_serverMatchrnl64uc_7.22

sap message_serverMatchrnl64uc_7.22ext

sap message_serverMatchrnl64uc_7.53

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Message Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22EXT"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3344295
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

17 Jun 2026 06:08Current

8High risk

Vulners AI Score8

CVSS 3.17.5 - 8.8

EPSS0.0044

SSVC

CWE-863