Vulnerabilities > CVE-2023-25615 - Unspecified vulnerability in SAP Abap Platform

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-03-14

Updated: 2024-11-21

Summary

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Abap Platform 751 SAP Abap Platform 753 SAP Abap Platform 754 SAP Abap Platform 756 SAP Abap Platform 757 SAP Abap Platform 791	6

References

https://launchpad.support.sap.com/#/notes/3289844
https://launchpad.support.sap.com/#/notes/3289844
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html