Vulnerabilities > CVE-2023-37491 - Incorrect Authorization vulnerability in SAP Message Server

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

CWE-863

NVD

Published: 2023-08-08

Updated: 2024-09-28

Summary

The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Message Server Kernel_7.22 SAP Message Server Kernel_7.53 SAP Message Server Kernel_7.54 SAP Message Server Kernel_7.77 SAP Message Server Rnl64Uc_7.22 SAP Message Server Rnl64Uc_7.22Ext SAP Message Server Rnl64Uc_7.53 SAP Message Server Krnl64Nuc_7.22 SAP Message Server Krnl64Nuc_7.22Ex	9

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References