CVE-2023-40308
Vulnerability from cvelistv5
Published
2023-09-12 01:21
Modified
2024-09-26 18:22
Severity ?
EPSS score ?
Summary
Memory Corruption vulnerability in SAP CommonCryptoLib
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://me.sap.com/notes/3327896 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:31:53.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://me.sap.com/notes/3327896"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-40308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T14:46:05.348783Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T14:46:15.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CommonCryptoLib",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "8"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "KERNEL",
"product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "KERNEL 7.53"
},
{
"status": "affected",
"version": "KERNEL 7.54"
},
{
"status": "affected",
"version": "KERNEL 7.77"
},
{
"status": "affected",
"version": "KERNEL 7.85"
},
{
"status": "affected",
"version": "KERNEL 7.89"
},
{
"status": "affected",
"version": "KERNEL 7.91"
},
{
"status": "affected",
"version": "KERNEL 7.92"
},
{
"status": "affected",
"version": "KERNEL 7.93"
},
{
"status": "affected",
"version": "KERNEL 8.04"
},
{
"status": "affected",
"version": "KERNEL64UC 7.22"
},
{
"status": "affected",
"version": "KERNEL64UC 7.22EXT"
},
{
"status": "affected",
"version": "KERNEL64UC 7.53"
},
{
"status": "affected",
"version": "KERNEL64UC 8.04"
},
{
"status": "affected",
"version": "KERNEL64NUC 7.22"
},
{
"status": "affected",
"version": "KERNEL64NUC 7.22EXT"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Web Dispatcher",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "7.22EXT"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.54"
},
{
"status": "affected",
"version": "7.77"
},
{
"status": "affected",
"version": "7.85"
},
{
"status": "affected",
"version": "7.89"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Content Server",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "6.50"
},
{
"status": "affected",
"version": "7.53"
},
{
"status": "affected",
"version": "7.54"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP HANA Database",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "2.00"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Host Agent",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "722"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAP Extended Application Services and Runtime (XSA)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_EXTENDED_APP_SERVICES 1"
},
{
"status": "affected",
"version": "XS_ADVANCED_RUNTIME 1.00"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SAPSSOEXT",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\u003c/p\u003e"
}
],
"value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T18:22:53.534Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3327896"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Memory Corruption vulnerability in SAP CommonCryptoLib",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-40308",
"datePublished": "2023-09-12T01:21:15.083Z",
"dateReserved": "2023-08-14T07:36:04.796Z",
"dateUpdated": "2024-09-26T18:22:53.534Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-40308\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2023-09-12T02:15:12.610\",\"lastModified\":\"2024-09-26T19:15:06.487\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\"},{\"lang\":\"es\",\"value\":\"SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se env\u00eda a un puerto abierto, provoca un error de corrupci\u00f3n de memoria en una librer\u00eda, lo que a su vez provoca que el componente de target falle y deje de estar disponible. No hay posibilidad de ver o modificar ninguna informaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E07A81-F35C-4BF4-8AB4-E5B3C3D09487\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85520864-E99A-4576-847C-5E0EA1E6CEC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A02FB973-7FA0-4881-B912-27F4CFBDC673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED7FD33E-6870-48EB-8695-67B9169D1808\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF475F4D-11D8-401A-BAB8-8A31E81CEEEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30B0858F-6AE9-4163-B001-1481FD3AFF9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A56308E-B097-49F3-8963-1F34E8716CD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF64539B-0DE2-4076-91B9-F03F4DDFAE2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C07042F-C47F-441E-AB32-B58A066909E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC44C62-0BFD-4170-B094-C82DEA473938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99F18BB-B44E-48B5-BD7C-D20E40915268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"208F59B2-7D79-4E0E-97DA-AEB9976C8EEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A120BC2E-92B2-404A-ADF6-F1AF512631E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56F63498-DAC3-40EE-9625-51FA522BA0DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06155DA1-7EDD-4EBA-8EBB-F7352F4EC7D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104EE65A-202C-4F4E-B725-791A73687167\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0269C487-81F8-4240-BEF8-1A7C33864519\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"379FDFC8-947E-4D09-A9DD-4B3F7481F648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7184F3A2-3408-4B7E-BEA6-BBF55909969F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2D30A5-DB16-4CB7-8135-3CE106FA5477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1657980-CBAC-41AC-A20E-18D7199EA244\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"771ED2D0-3BC5-4C36-BCEB-1A1C46667363\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F05534F-3D2B-4983-9CC1-3A8BC7D421C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE19A598-2F90-4014-AC5B-352FBC154907\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97EDAAC4-4885-46CE-860A-DDF92FF205C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E53E262-A23E-4D99-B2D8-DDCBEED85EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7E61257-B187-4A83-96BD-D53CE11061D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E0B493-0860-4074-A383-F9C2A06EA8E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D338B951-5C8F-4C14-931C-5F8AEA7F5924\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"525603B5-ADDC-4F58-B730-FC748A56D6E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA2270AE-437E-4FDE-9F53-690C0BCF9C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD374580-7D80-4D7F-8D89-8F52F2DEA8D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59253D09-D58D-4013-8F29-2172C1B83AA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21316691-9A18-4B41-915E-491225CEF966\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BB08C06-0E07-4317-B1AC-C1ECCF931E7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8692B960-38A9-4035-88F5-C33D15B6A018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D9E47FB-D39A-40C3-AEEE-D6A5AE27F063\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80C5A218-C623-41C5-A001-304046608CF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92E7B426-D50F-4AEE-B6F3-5D00C8A195F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"039A11C9-D9D1-42BC-8DD4-2BCDAAF464CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"784CA842-6657-4A02-96B0-76A66AC469C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3F76E6A-2F27-450C-AAB5-E49A64079CAC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47D4D542-2EC2-490B-B4E9-3E7BB8D59B77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"950DF1E2-990E-41EF-8779-CEC54C7CDC60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33D9481-3CF6-4AA3-B115-7903AC6DAE25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F74EE4D5-E968-4851-89E6-4152F64930F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097ED3E8-49B1-497E-BD43-28C397FBEAE8\"}]}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3327896\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.