Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for NetWeaver ABAP Server and ABAP Platform by SAP

    CVE-2023-0014 (GCVE-0-2023-0014)

    Vulnerability from nvd – Published: 2023-01-10 03:02 – Updated: 2025-04-09 13:59
    VLAI
    Title
    Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver ABAP Server and ABAP Platform Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 710
    Affected: SAP_BASIS 711
    Affected: SAP_BASIS 730
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.77
    Affected: KERNEL 7.81
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KRNL64UC 7.22
    Affected: KRNL64UC 7.22EXT
    Affected: KRNL64UC 7.53
    Affected: KRNL64NUC 7.22
    Affected: KRNL64NUC 7.22EXT
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3089413"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T13:58:48.577709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T13:59:20.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver ABAP Server and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 710"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 711"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.81"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22EXT"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eSAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e"
                }
              ],
              "value": "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-10T03:02:39.962Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3089413"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-0014",
        "datePublished": "2023-01-10T03:02:39.962Z",
        "dateReserved": "2022-12-16T03:13:43.141Z",
        "dateUpdated": "2025-04-09T13:59:20.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-0014 (GCVE-0-2023-0014)

    Vulnerability from cvelistv5 – Published: 2023-01-10 03:02 – Updated: 2025-04-09 13:59
    VLAI
    Title
    Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver ABAP Server and ABAP Platform Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 710
    Affected: SAP_BASIS 711
    Affected: SAP_BASIS 730
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: KERNEL 7.22
    Affected: KERNEL 7.53
    Affected: KERNEL 7.77
    Affected: KERNEL 7.81
    Affected: KERNEL 7.85
    Affected: KERNEL 7.89
    Affected: KRNL64UC 7.22
    Affected: KRNL64UC 7.22EXT
    Affected: KRNL64UC 7.53
    Affected: KRNL64NUC 7.22
    Affected: KRNL64NUC 7.22EXT
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.596Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3089413"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0014",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-09T13:58:48.577709Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-09T13:59:20.601Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver ABAP Server and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 710"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 711"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 730"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.77"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.81"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.85"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.89"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.53"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22EXT"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eSAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e"
                }
              ],
              "value": "SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-01-10T03:02:39.962Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3089413"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-0014",
        "datePublished": "2023-01-10T03:02:39.962Z",
        "dateReserved": "2022-12-16T03:13:43.141Z",
        "dateUpdated": "2025-04-09T13:59:20.601Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }