CVE-2023-25618
First published: Tue Mar 14 2023(Updated: )
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server ABAP | =700 | |
| SAP NetWeaver Application Server ABAP | =701 | |
| SAP NetWeaver Application Server ABAP | =702 | |
| SAP NetWeaver Application Server ABAP | =731 | |
| SAP NetWeaver Application Server ABAP | =740 | |
| SAP NetWeaver Application Server ABAP | =750 | |
| SAP NetWeaver Application Server ABAP | =751 | |
| SAP NetWeaver Application Server ABAP | =752 | |
| SAP NetWeaver Application Server ABAP | =753 | |
| SAP NetWeaver Application Server ABAP | =754 | |
| SAP NetWeaver Application Server ABAP | =755 | |
| SAP NetWeaver Application Server ABAP | =756 | |
| SAP NetWeaver Application Server ABAP | =757 | |
| SAP NetWeaver Application Server ABAP | =791 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-25618?
The severity of CVE-2023-25618 is medium with a CVSS score of 6.5.
Which versions of SAP NetWeaver Application Server for ABAP are affected by CVE-2023-25618?
The affected versions of SAP NetWeaver Application Server for ABAP are 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791.
What is the vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform?
The vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform is related to an unused class for error handling that can be exploited by an authenticated non-administrative user.
How can an attacker exploit CVE-2023-25618?
An attacker authenticated as a non-administrative user can exploit CVE-2023-25618 by crafting a request with certain malicious parameters.
Where can I find more information about CVE-2023-25618?
You can find more information about CVE-2023-25618 in the SAP Support Portal and the SAP security document.
- collector/nvd-index
- agent/weakness
- vendor/sap
- canonical/sap netweaver application server abap
- version/sap netweaver application server abap/700
- version/sap netweaver application server abap/701
- version/sap netweaver application server abap/702
- version/sap netweaver application server abap/731
- version/sap netweaver application server abap/740
- version/sap netweaver application server abap/750
- version/sap netweaver application server abap/751
- version/sap netweaver application server abap/752
- version/sap netweaver application server abap/753
- version/sap netweaver application server abap/754
- version/sap netweaver application server abap/755
- version/sap netweaver application server abap/756
- version/sap netweaver application server abap/757
- version/sap netweaver application server abap/791