CVE-2023-40308 Memory Corruption vulnerability in SAP CommonCryptoLib

🗓️ 12 Sep 2023 01:21:15Reported by sapType

Memory Corruption vulnerability in SAP CommonCryptoLib

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the SAP CommonCryptoLib library, related to pointer dereferencing errors, allows a perpetrator to trigger a service failure.	1 Nov 202300:00	–	bdu_fstec
CNNVD	SAP CommonCryptoLib Code Issue Vulnerability	12 Sep 202300:00	–	cnnvd
CVE	CVE-2023-40308	12 Sep 202301:21	–	cve
EUVD	EUVD-2023-44900	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202300:00	–	ncsc
NVD	CVE-2023-40308	12 Sep 202302:15	–	nvd
OSV	CVE-2023-40308	12 Sep 202302:15	–	osv
Prion	Memory corruption	12 Sep 202302:15	–	prion
Positive Technologies	PT-2023-6627 · Sap · Sap Commoncryptolib	11 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-40308	9 Jan 202608:56	–	redhatcve

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CommonCryptoLib",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "KERNEL",
    "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.85"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.89"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.91"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.92"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.93"
      },
      {
        "status": "affected",
        "version": "KERNEL 8.04"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 8.04"
      },
      {
        "status": "affected",
        "version": "KERNEL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL64NUC 7.22EXT"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Web Dispatcher",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "7.54"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.89"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Content Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "6.50"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "7.54"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP HANA Database",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "2.00"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Host Agent",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "722"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Extended Application Services and Runtime (XSA)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_EXTENDED_APP_SERVICES 1"
      },
      {
        "status": "affected",
        "version": "XS_ADVANCED_RUNTIME 1.00"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAPSSOEXT",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "17"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3327896
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

26 Sep 2024 18:22Current

7.9High risk

Vulners AI Score7.9

CVSS 3.17.5

EPSS0.00164

CWE-787