First published: Tue Mar 14 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling. An attacker authenticated as a non-administrative user can craft a request with certain parameters that consumes enough of the server's resources to make it unavailable. There is no ability to view or modify any information.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Application Server ABAP | =700 | |
SAP NetWeaver Application Server ABAP | =701 | |
SAP NetWeaver Application Server ABAP | =702 | |
SAP NetWeaver Application Server ABAP | =731 | |
SAP NetWeaver Application Server ABAP | =740 | |
SAP NetWeaver Application Server ABAP | =750 | |
SAP NetWeaver Application Server ABAP | =751 | |
SAP NetWeaver Application Server ABAP | =752 | |
SAP NetWeaver Application Server ABAP | =753 | |
SAP NetWeaver Application Server ABAP | =754 | |
SAP NetWeaver Application Server ABAP | =755 | |
SAP NetWeaver Application Server ABAP | =756 | |
SAP NetWeaver Application Server ABAP | =757 | |
SAP NetWeaver Application Server ABAP | =791 | |
The severity of CVE-2023-25618 is medium with a CVSS score of 6.5.
The affected versions of SAP NetWeaver Application Server for ABAP are 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791.
The vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform is related to an unused class for error handling that can be exploited by an authenticated non-administrative user.
An attacker authenticated as a non-administrative user can exploit CVE-2023-25618 by crafting a request with certain malicious parameters.
You can find more information about CVE-2023-25618 in the SAP Support Portal and the SAP security document.