CRITICAL🇵🇱 Wersja polska

CVE-2023-40309

CVSS 9.8v3.1pub. 2023-09-12upd. 2024-11-21

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Commoncryptolib

    APP
    Sap
    8.0.0
  • Sap Content Server

    APP
    Sap
    6.507.537.54
  • Sap Extended Application Services And Runtime

    APP
    Sap
    1.0
  • Sap Hana Database

    APP
    Sap
    2.0
  • Sap Host Agent

    APP
    Sap
    722
  • Sap Netweaver Application Server Abap

    APP
    Sap
    7.22extkernel64nuc_7.22kernel64nuc_7.22extkernel64uc_7.22kernel64uc_7.22extkernel64uc_7.53kernel64uc_8.04kernel_7.22kernel_7.53kernel_7.54kernel_7.77kernel_7.85kernel_7.89kernel_7.91kernel_7.92+ 2 więcej
  • Sap Netweaver Application Server Java

    APP
    Sap
    kernel64nuc_7.22kernel64nuc_7.22extkernel64uc_7.22kernel64uc_7.22extkernel64uc_7.53kernel64uc_8.04kernel_7.22kernel_7.53kernel_7.54kernel_7.77kernel_7.85kernel_7.89kernel_7.91kernel_7.92kernel_7.93+ 1 więcej
  • Sap Sapssoext

    APP
    Sap
    17.0
  • Sap Web Dispatcher

    APP
    Sap
    7.22ext7.537.547.777.857.89
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-22536CRITICAL10.0⚠ KEVten sam produkt

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Serve...

CVE-2020-6287CRITICAL10.0⚠ KEVten sam produkt

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...

CVE-2010-5326CRITICAL10.0⚠ KEVten sam produkt

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...

CVE-2016-2386CRITICAL9.8⚠ KEVten sam produkt

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to ex...

CVE-2026-0488CRITICAL9.9PL ✓ten sam produkt

SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL