fkie_cve-2023-40308
Vulnerability from fkie_nvd
Published
2023-09-12 02:15
Modified
2024-11-21 08:19
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
References
cna@sap.comhttps://me.sap.com/notes/3327896Permissions Required, Vendor Advisory
cna@sap.comhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://me.sap.com/notes/3327896Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
Impacted products
Vendor Product Version
sap commoncryptolib 8.0.0
sap content_server 6.50
sap content_server 7.53
sap content_server 7.54
sap extended_application_services_and_runtime 1.0
sap hana_database 2.0
sap host_agent 722
sap netweaver_application_server_abap 7.22ext
sap netweaver_application_server_abap kernel_7.22
sap netweaver_application_server_abap kernel_7.53
sap netweaver_application_server_abap kernel_7.54
sap netweaver_application_server_abap kernel_7.77
sap netweaver_application_server_abap kernel_7.85
sap netweaver_application_server_abap kernel_7.89
sap netweaver_application_server_abap kernel_7.91
sap netweaver_application_server_abap kernel_7.92
sap netweaver_application_server_abap kernel_7.93
sap netweaver_application_server_abap kernel_8.04
sap netweaver_application_server_abap kernel64nuc_7.22
sap netweaver_application_server_abap kernel64nuc_7.22ext
sap netweaver_application_server_abap kernel64uc_7.22
sap netweaver_application_server_abap kernel64uc_7.22ext
sap netweaver_application_server_abap kernel64uc_7.53
sap netweaver_application_server_abap kernel64uc_8.04
sap netweaver_application_server_java kernel_7.22
sap netweaver_application_server_java kernel_7.53
sap netweaver_application_server_java kernel_7.54
sap netweaver_application_server_java kernel_7.77
sap netweaver_application_server_java kernel_7.85
sap netweaver_application_server_java kernel_7.89
sap netweaver_application_server_java kernel_7.91
sap netweaver_application_server_java kernel_7.92
sap netweaver_application_server_java kernel_7.93
sap netweaver_application_server_java kernel_8.04
sap netweaver_application_server_java kernel64nuc_7.22
sap netweaver_application_server_java kernel64nuc_7.22ext
sap netweaver_application_server_java kernel64uc_7.22
sap netweaver_application_server_java kernel64uc_7.22ext
sap netweaver_application_server_java kernel64uc_7.53
sap netweaver_application_server_java kernel64uc_8.04
sap sapssoext 17.0
sap web_dispatcher 7.22ext
sap web_dispatcher 7.53
sap web_dispatcher 7.54
sap web_dispatcher 7.77
sap web_dispatcher 7.85
sap web_dispatcher 7.89


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "92E07A81-F35C-4BF4-8AB4-E5B3C3D09487",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "85520864-E99A-4576-847C-5E0EA1E6CEC5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "A02FB973-7FA0-4881-B912-27F4CFBDC673",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "ED7FD33E-6870-48EB-8695-67B9169D1808",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF475F4D-11D8-401A-BAB8-8A31E81CEEEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "30B0858F-6AE9-4163-B001-1481FD3AFF9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*",
                     matchCriteriaId: "6A56308E-B097-49F3-8963-1F34E8716CD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C07042F-C47F-441E-AB32-B58A066909E2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBC44C62-0BFD-4170-B094-C82DEA473938",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "D99F18BB-B44E-48B5-BD7C-D20E40915268",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "A120BC2E-92B2-404A-ADF6-F1AF512631E6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*",
                     matchCriteriaId: "56F63498-DAC3-40EE-9625-51FA522BA0DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*",
                     matchCriteriaId: "06155DA1-7EDD-4EBA-8EBB-F7352F4EC7D2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*",
                     matchCriteriaId: "104EE65A-202C-4F4E-B725-791A73687167",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*",
                     matchCriteriaId: "0269C487-81F8-4240-BEF8-1A7C33864519",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "379FDFC8-947E-4D09-A9DD-4B3F7481F648",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "7184F3A2-3408-4B7E-BEA6-BBF55909969F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "BB2D30A5-DB16-4CB7-8135-3CE106FA5477",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "D1657980-CBAC-41AC-A20E-18D7199EA244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "771ED2D0-3BC5-4C36-BCEB-1A1C46667363",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F05534F-3D2B-4983-9CC1-3A8BC7D421C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "AE19A598-2F90-4014-AC5B-352FBC154907",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "97EDAAC4-4885-46CE-860A-DDF92FF205C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E53E262-A23E-4D99-B2D8-DDCBEED85EA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "F7E61257-B187-4A83-96BD-D53CE11061D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "34E0B493-0860-4074-A383-F9C2A06EA8E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "D338B951-5C8F-4C14-931C-5F8AEA7F5924",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*",
                     matchCriteriaId: "525603B5-ADDC-4F58-B730-FC748A56D6E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA2270AE-437E-4FDE-9F53-690C0BCF9C2E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD374580-7D80-4D7F-8D89-8F52F2DEA8D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*",
                     matchCriteriaId: "59253D09-D58D-4013-8F29-2172C1B83AA8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "21316691-9A18-4B41-915E-491225CEF966",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "2BB08C06-0E07-4317-B1AC-C1ECCF931E7A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "8692B960-38A9-4035-88F5-C33D15B6A018",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*",
                     matchCriteriaId: "1D9E47FB-D39A-40C3-AEEE-D6A5AE27F063",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "80C5A218-C623-41C5-A001-304046608CF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "92E7B426-D50F-4AEE-B6F3-5D00C8A195F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*",
                     matchCriteriaId: "039A11C9-D9D1-42BC-8DD4-2BCDAAF464CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "784CA842-6657-4A02-96B0-76A66AC469C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*",
                     matchCriteriaId: "D3F76E6A-2F27-450C-AAB5-E49A64079CAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "950DF1E2-990E-41EF-8779-CEC54C7CDC60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33D9481-3CF6-4AA3-B115-7903AC6DAE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*",
                     matchCriteriaId: "F74EE4D5-E968-4851-89E6-4152F64930F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*",
                     matchCriteriaId: "097ED3E8-49B1-497E-BD43-28C397FBEAE8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.",
      },
      {
         lang: "es",
         value: "SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se envía a un puerto abierto, provoca un error de corrupción de memoria en una librería, lo que a su vez provoca que el componente de target falle y deje de estar disponible. No hay posibilidad de ver o modificar ninguna información.",
      },
   ],
   id: "CVE-2023-40308",
   lastModified: "2024-11-21T08:19:12.393",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "cna@sap.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-09-12T02:15:12.610",
   references: [
      {
         source: "cna@sap.com",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://me.sap.com/notes/3327896",
      },
      {
         source: "cna@sap.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
            "Vendor Advisory",
         ],
         url: "https://me.sap.com/notes/3327896",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
      },
   ],
   sourceIdentifier: "cna@sap.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-787",
            },
         ],
         source: "cna@sap.com",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.