EUVD-2023-41378

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Access Control List vulnerability in SAP Message Server allows network bypass and data access.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-37491	8 Aug 202307:13	–	circl
CNNVD	SAP Message Server 授权问题漏洞	8 Aug 202300:00	–	cnnvd
CNVD	SAP Message Server Authorization Issues Vulnerability	11 Aug 202300:00	–	cnvd
CVE	CVE-2023-37491	8 Aug 202300:46	–	cve
Cvelist	CVE-2023-37491 Improper Authorization check vulnerability in SAP Message Server	8 Aug 202300:46	–	cvelist
NCSC	Vulnerabilities fixed in SAP products	9 Aug 202300:00	–	ncsc
NVD	CVE-2023-37491	8 Aug 202301:15	–	nvd
Prion	Code injection	8 Aug 202301:15	–	prion
Positive Technologies	PT-2023-4246 · Sap · Sap Message Server	7 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-37491	23 May 202505:33	–	redhatcve

[
  {
    "enisaIdVendor": [
      {
        "id": "7da4d0b4-55e1-38fe-8605-7952f67b5ff7",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1016e4de-1e61-377e-b874-e311d1ec8f24",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KERNEL 7.22"
      },
      {
        "id": "24899d96-996a-3868-8605-3ca23fcab11c",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KERNEL 7.77"
      },
      {
        "id": "327577d4-8ae7-3b95-938a-ceb4cf4274a3",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "RNL64UC 7.53"
      },
      {
        "id": "5e9eab66-13a3-3444-b855-bfb9f0bd5f91",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KERNEL 7.53"
      },
      {
        "id": "5f164b67-881d-314e-93c4-80fd00370b40",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KERNEL 7.54"
      },
      {
        "id": "726896ad-bede-3386-82c9-0a84e8b3d11d",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "RNL64UC 7.22"
      },
      {
        "id": "85987351-daa3-3b00-a654-c2d3d0b73b7a",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KRNL64NUC 7.22EXT"
      },
      {
        "id": "88902b3b-85d4-325e-925f-4074b4a51adf",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "KRNL64NUC 7.22"
      },
      {
        "id": "890f6741-18c7-3582-94af-aa49121b7773",
        "product": {
          "name": "SAP Message Server"
        },
        "product_version": "RNL64UC 7.22EXT"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3344295
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

03 Oct 2025 20:07Current

8.6High risk

Vulners AI Score8.6

CVSS 3.17.5 - 8.8

EPSS0.0005

SSVC