
    6 vulnerabilities found for NetWeaver Application Server for ABAP and ABAP Platform by SAP

    CVE-2023-27270 (GCVE-0-2023-27270)

    Vulnerability from nvd – Published: 2023-03-14 04:58 – Updated: 2025-02-27 15:02
    VLAI
    Title
    Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 791

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:41.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3296328"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T15:01:52.640692Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T15:02:08.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server\u0027s resources sufficiently to make it unavailable. There is no ability to view or modify any information.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server\u0027s resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:25:00.239Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3296328"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-27270",
        "datePublished": "2023-03-14T04:58:44.671Z",
        "dateReserved": "2023-02-27T15:19:34.024Z",
        "dateUpdated": "2025-02-27T15:02:08.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27269 (GCVE-0-2023-27269)

    Vulnerability from nvd – Published: 2023-03-14 04:58 – Updated: 2025-02-27 15:03
    VLAI
    Title
    Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. In this attack, no data can be read, but potentially critical OS files can be overwritten, making the system unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 791

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:41.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3294595"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T15:02:52.836978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T15:03:19.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. \u00a0In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. \u00a0In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:24:27.214Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3294595"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-27269",
        "datePublished": "2023-03-14T04:58:10.184Z",
        "dateReserved": "2023-02-27T15:19:34.024Z",
        "dateUpdated": "2025-02-27T15:03:19.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23853 (GCVE-0-2023-23853)

    Vulnerability from nvd – Published: 2023-02-14 03:13 – Updated: 2025-03-20 18:49
    VLAI
    Summary
    An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which, when clicked by an unsuspecting user, can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 789
    Affected: 790

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:27.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3271227"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23853",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T18:49:25.546555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T18:49:33.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "789"
                },
                {
                  "status": "affected",
                  "version": "790"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.  Vulnerability has no direct impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.  Vulnerability has no direct impact on availability.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:22:01.425Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3271227"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-23853",
        "datePublished": "2023-02-14T03:13:28.319Z",
        "dateReserved": "2023-01-19T00:05:29.415Z",
        "dateUpdated": "2025-03-20T18:49:33.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27270 (GCVE-0-2023-27270)

    Vulnerability from cvelistv5 – Published: 2023-03-14 04:58 – Updated: 2025-02-27 15:02
    VLAI
    Title
    Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 791

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:41.807Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3296328"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T15:01:52.640692Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T15:02:08.114Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server\u0027s resources sufficiently to make it unavailable. There is no ability to view or modify any information.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server\u0027s resources sufficiently to make it unavailable. There is no ability to view or modify any information.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:25:00.239Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3296328"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-27270",
        "datePublished": "2023-03-14T04:58:44.671Z",
        "dateReserved": "2023-02-27T15:19:34.024Z",
        "dateUpdated": "2025-02-27T15:02:08.114Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27269 (GCVE-0-2023-27269)

    Vulnerability from cvelistv5 – Published: 2023-03-14 04:58 – Updated: 2025-02-27 15:03
    VLAI
    Title
    Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
    Summary
    SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite system files. In this attack, no data can be read, but potentially critical OS files can be overwritten, making the system unavailable.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 791

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:09:41.843Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3294595"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-27T15:02:52.836978Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-27T15:03:19.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "791"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. \u00a0In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations to exploit a directory traversal flaw in an available service to overwrite the system files. \u00a0In this attack, no data can be read but potentially critical OS files can be overwritten making the system unavailable.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:24:27.214Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3294595"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-27269",
        "datePublished": "2023-03-14T04:58:10.184Z",
        "dateReserved": "2023-02-27T15:19:34.024Z",
        "dateUpdated": "2025-02-27T15:03:19.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23853 (GCVE-0-2023-23853)

    Vulnerability from cvelistv5 – Published: 2023-02-14 03:13 – Updated: 2025-03-20 18:49
    VLAI
    Summary
    In SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790 - an unauthenticated attacker can craft a link which, when clicked by an unsuspecting user, redirects that user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. The vulnerability has no direct impact on availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP NetWeaver Application Server for ABAP and ABAP Platform Affected: 700
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 789
    Affected: 790

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:42:27.066Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3271227"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23853",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-20T18:49:25.546555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T18:49:33.080Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "NetWeaver Application Server for ABAP and ABAP Platform",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "700"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "789"
                },
                {
                  "status": "affected",
                  "version": "790"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.  Vulnerability has no direct impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.  Vulnerability has no direct impact on availability.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T21:22:01.425Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3271227"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-23853",
        "datePublished": "2023-02-14T03:13:28.319Z",
        "dateReserved": "2023-01-19T00:05:29.415Z",
        "dateUpdated": "2025-03-20T18:49:33.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }