SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3340576 | Permissions Required Vendor Advisory |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Sep 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-12 03:15
Updated : 2024-09-28 22:15
NVD link : CVE-2023-40309
Mitre link : CVE-2023-40309
CVE.ORG link : CVE-2023-40309
JSON object : View
Products Affected
sap
- netweaver_application_server_abap
- content_server
- web_dispatcher
- commoncryptolib
- extended_application_services_and_runtime
- netweaver_application_server_java
- host_agent
- sapssoext
- hana_database
CWE
CWE-863
Incorrect Authorization