Vulnerabilities > CVE-2023-40307 - Out-of-bounds Write vulnerability in SAP Privileges

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

sap

CWE-787

NVD

Published: 2023-09-28

Updated: 2023-10-02

Summary

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Privileges 1.0.3 SAP Privileges 1.0.5 SAP Privileges 1.5.0 SAP Privileges 1.5.1 SAP Privileges 1.5.2 SAP Privileges 1.5.3	6

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://github.com/SAP/macOS-enterprise-privileges/security/advisories/GHSA-rgq4-wxpj-5jv9