CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
76.5%
Depending on the configuration of the route permission table in file ‘saprouttab’, it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | netweaver_as_abap | kernel_7.49 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.49:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.77 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.77:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.81 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.81:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.85 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.85:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.86 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.86:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.87 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.87:*:*:*:*:*:*:* |
sap | netweaver_as_abap | kernel_7.88 | cpe:2.3:a:sap:netweaver_as_abap:kernel_7.88:*:*:*:*:*:*:* |
sap | netweaver_as_abap_krnl64nuc | 7.49 | cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.49:*:*:*:*:*:*:* |
sap | netweaver_as_abap_krnl64uc | 7.49 | cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.49:*:*:*:*:*:*:* |
sap | router | 7.22 | cpe:2.3:a:sap:router:7.22:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
76.5%