CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLib

🗓️ 12 Sep 2023 02:21:19Reported by sapType

CVE-2023-40309 Missing Authorization check in SAP CommonCryptoLi

Reporter	Title	Published	Views	Family All 11
BDU FSTEC	The vulnerability of the SAP CommonCryptoLib library, related to deficiencies in authentication procedures, allows attackers to read, modify, or delete data with limited access.	1 Nov 202300:00	–	bdu_fstec
Circl	CVE-2023-40309	13 Sep 202315:45	–	circl
CNNVD	SAP CommonCryptoLib and abu security vulnerabilities	12 Sep 202300:00	–	cnnvd
CVE	CVE-2023-40309	12 Sep 202302:21	–	cve
EUVD	EUVD-2023-44901	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202300:00	–	ncsc
NVD	CVE-2023-40309	12 Sep 202303:15	–	nvd
OSV	CVE-2023-40309	12 Sep 202303:15	–	osv
Prion	Authorization	12 Sep 202303:15	–	prion
Positive Technologies	PT-2023-6624 · Sap · Sap Commoncryptolib	11 Sep 202300:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP CommonCryptoLib",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "8"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "KERNEL 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.54"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.77"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.85"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.89"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.91"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.92"
      },
      {
        "status": "affected",
        "version": "KERNEL 7.93"
      },
      {
        "status": "affected",
        "version": "KERNEL 8.04"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.22EXT"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 7.53"
      },
      {
        "status": "affected",
        "version": "KERNEL64UC 8.04"
      },
      {
        "status": "affected",
        "version": "KERNEL64NUC 7.22"
      },
      {
        "status": "affected",
        "version": "KERNEL64NUC 7.22EXT"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Web Dispatcher",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.22EXT"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "7.54"
      },
      {
        "status": "affected",
        "version": "7.77"
      },
      {
        "status": "affected",
        "version": "7.85"
      },
      {
        "status": "affected",
        "version": "7.89"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Content Server",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "6.50"
      },
      {
        "status": "affected",
        "version": "7.53"
      },
      {
        "status": "affected",
        "version": "7.54"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP HANA Database",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "2.00"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Host Agent",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "722"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAP Extended Application Services and Runtime (XSA)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_EXTENDED_APP_SERVICES 1"
      },
      {
        "status": "affected",
        "version": "XS_ADVANCED_RUNTIME 1.00"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SAPSSOEXT",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "17"
      }
    ]
  }
]

Source	Link
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
me	www.me.sap.com/notes/3340576

28 Sep 2024 22:10Current

9.8High risk

Vulners AI Score9.8

CVSS 3.19.8

EPSS0.00748

CWE-863