EUVD-2023-44900

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

SAP CommonCryptoLib vulnerable to unauthenticated request causing memory corruption and crashes.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the SAP CommonCryptoLib library, related to pointer dereferencing errors, allows a perpetrator to trigger a service failure.	1 Nov 202300:00	–	bdu_fstec
CNNVD	SAP CommonCryptoLib Code Issue Vulnerability	12 Sep 202300:00	–	cnnvd
CVE	CVE-2023-40308	12 Sep 202301:21	–	cve
Cvelist	CVE-2023-40308 Memory Corruption vulnerability in SAP CommonCryptoLib	12 Sep 202301:21	–	cvelist
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202300:00	–	ncsc
NVD	CVE-2023-40308	12 Sep 202302:15	–	nvd
Prion	Memory corruption	12 Sep 202302:15	–	prion
Positive Technologies	PT-2023-6627 · Sap · Sap Commoncryptolib	11 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-40308	9 Jan 202608:56	–	redhatcve
Vulnrichment	CVE-2023-40308 Memory Corruption vulnerability in SAP CommonCryptoLib	12 Sep 202301:21	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "d32b8e1d-c9ff-30a6-84b8-1df31e756cc0",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "112d8775-6265-376a-87bb-01146d34f5eb",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64NUC 7.22EXT"
      },
      {
        "id": "141b8741-aea1-3bbd-8166-a4d8f2f20d69",
        "product": {
          "name": "SAP HANA Database"
        },
        "product_version": "2.00"
      },
      {
        "id": "20cd0954-1ae5-3508-821a-c7604b3f0a49",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.54"
      },
      {
        "id": "242a2480-3074-311a-90e7-98b840c56e53",
        "product": {
          "name": "SAP CommonCryptoLib"
        },
        "product_version": "8"
      },
      {
        "id": "277f6868-d40b-33ea-a645-40ca591a160c",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.77"
      },
      {
        "id": "27da2815-078e-3040-b5a7-ad5f6987555d",
        "product": {
          "name": "SAP Content Server"
        },
        "product_version": "6.50"
      },
      {
        "id": "398acd85-05f8-3310-9a12-37670c1badcf",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64UC 8.04"
      },
      {
        "id": "3f9700f9-8989-39b0-9a44-dc4bca12ec03",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64NUC 7.22"
      },
      {
        "id": "3ff55583-ad42-3b7c-8dea-51de7a38515d",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.22"
      },
      {
        "id": "67ca2db7-1669-3c0f-9e8a-a2350f675ac0",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.91"
      },
      {
        "id": "78bfaa90-1a2f-3452-8c05-0ef1880a9ff2",
        "product": {
          "name": "SAP Content Server"
        },
        "product_version": "7.54"
      },
      {
        "id": "7aad10a3-28b3-3d04-b410-e7ed537ad6a2",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.92"
      },
      {
        "id": "8600c766-7aba-31a6-beae-e9e4224e3942",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.93"
      },
      {
        "id": "89c77634-3605-32fa-84d9-91415b11ffeb",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.53"
      },
      {
        "id": "8c741605-71d9-393c-8719-3c7ee27dabd0",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64UC 7.22EXT"
      },
      {
        "id": "8f3ecca8-74d1-3b69-b918-468fd29faa88",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.89"
      },
      {
        "id": "920486a5-d5d7-3513-b950-abef9f1bc533",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 8.04"
      },
      {
        "id": "9e10f8ec-5f74-3247-a40f-41c255049e8d",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.53"
      },
      {
        "id": "9fb92808-40a8-384d-bb85-6182e9624f0c",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.77"
      },
      {
        "id": "a41b0a26-6db5-3755-bf2d-876a3966439d",
        "product": {
          "name": "SAP Extended Application Services and Runtime (XSA)"
        },
        "product_version": "XS_ADVANCED_RUNTIME 1.00"
      },
      {
        "id": "a9b57ebe-4af8-35c8-8a48-3acc4ab7bb81",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.54"
      },
      {
        "id": "aa3d35ca-afae-3524-a063-2ab67eafd2d3",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.85"
      },
      {
        "id": "aa7f6c88-e47e-3603-8c58-14fda62e4554",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64UC 7.53"
      },
      {
        "id": "ab620364-ad47-3c44-8352-61d31cab6986",
        "product": {
          "name": "SAP Extended Application Services and Runtime (XSA)"
        },
        "product_version": "SAP_EXTENDED_APP_SERVICES 1"
      },
      {
        "id": "acee76eb-b73a-3e28-948e-7cb3d4f52c11",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.22EXT"
      },
      {
        "id": "b912fb61-5a52-37e1-9f40-facec1d8b71e",
        "product": {
          "name": "SAP Content Server"
        },
        "product_version": "7.53"
      },
      {
        "id": "c4fa1d4a-efc8-3266-abbe-d9111d783f17",
        "product": {
          "name": "SAPSSOEXT"
        },
        "product_version": "17"
      },
      {
        "id": "c9ce06ad-2a51-3c20-88d1-63812b3edced",
        "product": {
          "name": "SAP Web Dispatcher"
        },
        "product_version": "7.89"
      },
      {
        "id": "d0a21a0e-c465-30cc-86c7-cefb4386af14",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL64UC 7.22"
      },
      {
        "id": "e363eda0-4940-3223-9774-9b946ac451b5",
        "product": {
          "name": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise"
        },
        "product_version": "KERNEL 7.85"
      },
      {
        "id": "f043ce3b-7887-3e0f-bd87-65cf58e14e26",
        "product": {
          "name": "SAP Host Agent"
        },
        "product_version": "722"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3327896
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

03 Oct 2025 20:07Current

7.6High risk

Vulners AI Score7.6

CVSS 3.17.5

EPSS0.00164

SSVC