CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server

🗓️ 08 Aug 2023 00:46:40Reported by sapType

CVE-2023-37491 SAP Message Server Authorization Vulnerabilit

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the SAP Message Server, a software integration platform of SAP NetWeaver, allows attackers to gain read, modify, or delete access to data, or to cause service interruptions.	11 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-37491	8 Aug 202307:13	–	circl
CNNVD	SAP Message Server 授权问题漏洞	8 Aug 202300:00	–	cnnvd
CNVD	SAP Message Server Authorization Issues Vulnerability	11 Aug 202300:00	–	cnvd
CVE	CVE-2023-37491	8 Aug 202300:46	–	cve
EUVD	EUVD-2023-41378	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	9 Aug 202300:00	–	ncsc
NVD	CVE-2023-37491	8 Aug 202301:15	–	nvd
OSV	CVE-2023-37491	8 Aug 202301:15	–	osv
Prion	Code injection	8 Aug 202301:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Message Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "RNL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "KRNL64NUC 7.22EXT"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3344295
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

28 Sep 2024 22:05Current

8.6High risk

Vulners AI Score8.6

CVSS 3.17.5

EPSS0.0044

CWE-863