Lucene search

[email protected]CVE-2023-40308

HistorySep 12, 2023 - 2:15 a.m.

CVE-2023-40308

2023-09-1202:15:12

CWE-476

[email protected]

web.nvd.nist.gov

cve-2023-40308

sap

commoncryptolib

memory corruption

vulnerability

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.5%

JSON

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.

CPENameOperatorVersion
sap:commoncryptolibsap commoncryptolibeq8.0.0
sap:content_serversap content servereq6.50
sap:content_serversap content servereq7.53
sap:content_serversap content servereq7.54
sap:extended_application_services_and_runtimesap extended application services and runtimeeq1.0
sap:hana_databasesap hana databaseeq2.0
sap:host_agentsap host agenteq722
sap:netweaver_application_server_abapsap netweaver application server abapeq7.22ext
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.22
sap:netweaver_application_server_abapsap netweaver application server abapeqkernel_7.53

CPE	Name	Operator	Version
sap:commoncryptolib	sap commoncryptolib	eq	8.0.0
sap:content_server	sap content server	eq	6.50
sap:content_server	sap content server	eq	7.53
sap:content_server	sap content server	eq	7.54
sap:extended_application_services_and_runtime	sap extended application services and runtime	eq	1.0
sap:hana_database	sap hana database	eq	2.0
sap:host_agent	sap host agent	eq	722
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	7.22ext
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.22
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	kernel_7.53

Rows per page:

1-10 of 471

References

me.sap.com/notes/3327896

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

19.5%

JSON

Related for CVE-2023-40308

cvelist1 prion1