Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ghsa-qr3g-7vmg-24hh
Vulnerability from github
Published
2023-09-15 18:30
Modified
2024-09-26 21:31
Severity ?
Details
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
{ affected: [], aliases: [ "CVE-2023-40308", ], database_specific: { cwe_ids: [ "CWE-476", "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2023-09-12T02:15:12Z", severity: "HIGH", }, details: "SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n", id: "GHSA-qr3g-7vmg-24hh", modified: "2024-09-26T21:31:10Z", published: "2023-09-15T18:30:30Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-40308", }, { type: "WEB", url: "https://me.sap.com/notes/3327896", }, { type: "WEB", url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
cve-2023-40308
Vulnerability from cvelistv5
Published
2023-09-12 01:21
Modified
2024-09-26 18:22
Severity ?
EPSS score ?
Summary
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP_SE | SAP CommonCryptoLib |
Version: 8 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:31:53.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://me.sap.com/notes/3327896", }, { tags: [ "x_transferred", ], url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40308", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:46:05.348783Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:46:15.846Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "SAP CommonCryptoLib", vendor: "SAP_SE", versions: [ { status: "affected", version: "8", }, ], }, { defaultStatus: "unaffected", packageName: "KERNEL", product: "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise", vendor: "SAP_SE", versions: [ { status: "affected", version: "KERNEL 7.22", }, { status: "affected", version: "KERNEL 7.53", }, { status: "affected", version: "KERNEL 7.54", }, { status: "affected", version: "KERNEL 7.77", }, { status: "affected", version: "KERNEL 7.85", }, { status: "affected", version: "KERNEL 7.89", }, { status: "affected", version: "KERNEL 7.91", }, { status: "affected", version: "KERNEL 7.92", }, { status: "affected", version: "KERNEL 7.93", }, { status: "affected", version: "KERNEL 8.04", }, { status: "affected", version: "KERNEL64UC 7.22", }, { status: "affected", version: "KERNEL64UC 7.22EXT", }, { status: "affected", version: "KERNEL64UC 7.53", }, { status: "affected", version: "KERNEL64UC 8.04", }, { status: "affected", version: "KERNEL64NUC 7.22", }, { status: "affected", version: "KERNEL64NUC 7.22EXT", }, ], }, { defaultStatus: "unaffected", product: "SAP Web Dispatcher", vendor: "SAP_SE", versions: [ { status: "affected", version: "7.22EXT", }, { status: "affected", version: "7.53", }, { status: "affected", version: "7.54", }, { status: "affected", version: "7.77", }, { status: "affected", version: "7.85", }, { status: "affected", version: "7.89", }, ], }, { defaultStatus: "unaffected", product: "SAP Content Server", vendor: "SAP_SE", versions: [ { status: "affected", version: "6.50", }, { status: "affected", version: "7.53", }, { status: "affected", version: "7.54", }, ], }, { defaultStatus: "unaffected", product: "SAP HANA Database", vendor: "SAP_SE", versions: [ { status: "affected", version: "2.00", }, ], }, { defaultStatus: "unaffected", product: "SAP Host Agent", vendor: "SAP_SE", versions: [ { status: "affected", version: "722", }, ], }, { defaultStatus: "unaffected", product: "SAP Extended Application Services and Runtime (XSA)", vendor: "SAP_SE", versions: [ { status: "affected", version: "SAP_EXTENDED_APP_SERVICES 1", }, { status: "affected", version: "XS_ADVANCED_RUNTIME 1.00", }, ], }, { defaultStatus: "unaffected", product: "SAPSSOEXT", vendor: "SAP_SE", versions: [ { status: "affected", version: "17", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.</p>", }, ], value: "SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T18:22:53.534Z", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { url: "https://me.sap.com/notes/3327896", }, { url: "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", }, ], source: { discovery: "UNKNOWN", }, title: "Memory Corruption vulnerability in SAP CommonCryptoLib", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2023-40308", datePublished: "2023-09-12T01:21:15.083Z", dateReserved: "2023-08-14T07:36:04.796Z", dateUpdated: "2024-09-26T18:22:53.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.