Vulnerabilities > CVE-2023-35874 - Unspecified vulnerability in SAP Netweaver Application Server Abap

CVSS 7.4 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

LOW

network

low complexity

sap

NVD

Published: 2023-07-11

Updated: 2024-11-21

Summary

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server Abap Krnl64Uc_7.53 SAP Netweaver Application Server Abap Kernel_7.53 SAP Netweaver Application Server Abap Kernel_7.77 SAP Netweaver Application Server Abap Kernel_7.81 SAP Netweaver Application Server Abap Krnl64Nuc_7.22 SAP Netweaver Application Server Abap Krnl64Nuc_7.22Ext SAP Netweaver Application Server Abap Kernel_7.22 SAP Netweaver Application Server Abap Krnl64Uc_7.22 SAP Netweaver Application Server Abap Krnl64Uc_7.22Ext SAP Netweaver Application Server Abap Kernel_7.85 SAP Netweaver Application Server Abap Kernel_7.89 SAP Netweaver Application Server Abap Kernel_7.54 SAP Netweaver Application Server Abap Kernel_7.92 SAP Netweaver Application Server Abap Kernel_7.93	14

Summary

Vulnerable Configurations

References