Lucene search

SapCVELIST:CVE-2023-40307

HistorySep 28, 2023 - 1:55 p.m.

CVE-2023-40307 Privileges Memory Corruption (Out-of-bound write)

2023-09-2813:55:49

CWE-787

sap

www.cve.org

cve-2023-40307

application crash

data modification

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.0%

JSON

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "MacOS"
    ],
    "product": "SAP Privileges",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "unaffected",
        "version": "1.5.4"
      }
    ]
  }
]

References

github.com/SAP/macOS-enterprise-privileges/security/advisories/GHSA-rgq4-wxpj-5jv9