CVE-2023-37492

🗓️ 08 Aug 2023 00:47:40Reported by sapType

SAP NetWeaver ABAP & Platform - multiple versions - Authorization check vulnerabilit

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of SAP NetWeaver AS ABAP and SAP NetWeaver ABAP integration platforms lies in the lack of authentication procedures, which allow attackers to escalate their privileges and gain unauthorized access to protected information.	11 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-37492	8 Aug 202307:13	–	circl
CNNVD	SAP NetWeaver Application Server Security Vulnerability	8 Aug 202300:00	–	cnnvd
Cvelist	CVE-2023-37492 Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform	8 Aug 202300:47	–	cvelist
EUVD	EUVD-2023-41379	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	9 Aug 202300:00	–	ncsc
NVD	CVE-2023-37492	8 Aug 202301:15	–	nvd
Prion	Authorization	8 Aug 202301:15	–	prion
Positive Technologies	PT-2023-4244 · Sap · Abap Platform +1	6 Jul 202300:00	–	ptsecurity
Tenable Nessus	SAP NetWeaver AS ABAP Privilege Escalation (3348000)	10 Aug 202300:00	–	nessus

NVD

Vulners

Node

sap netweaver_application_server_abapMatch700sap_basis

sap netweaver_application_server_abapMatch701sap_basis

sap netweaver_application_server_abapMatch702sap_basis

sap netweaver_application_server_abapMatch731sap_basis

sap netweaver_application_server_abapMatch740sap_basis

sap netweaver_application_server_abapMatch750sap_basis

sap netweaver_application_server_abapMatch752sap_basis

sap netweaver_application_server_abapMatch753sap_basis

sap netweaver_application_server_abapMatch754sap_basis

sap netweaver_application_server_abapMatch755sap_basis

sap netweaver_application_server_abapMatch756sap_basis

sap netweaver_application_server_abapMatch757sap_basis

sap netweaver_application_server_abapMatch758sap_basis

sap netweaver_application_server_abapMatch793sap_basis

sap netweaver_application_server_abapMatch804sap_basis

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 701"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 702"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 750"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 752"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 753"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 754"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 793"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 804"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3348000
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

21 Nov 2024 08:11Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.14.9 - 6.5

EPSS0.00116

SSVC