First published: Tue Mar 14 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757 and 791, has multiple vulnerabilities in a class for test purposes. An attacker authenticated as a non-administrative user can craft a request with certain parameters that consumes enough of the server's resources to make it unavailable. There is no ability to view or modify any information.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Application Server ABAP | =700 | |
SAP NetWeaver Application Server ABAP | =701 | |
SAP NetWeaver Application Server ABAP | =702 | |
SAP NetWeaver Application Server ABAP | =731 | |
SAP NetWeaver Application Server ABAP | =740 | |
SAP NetWeaver Application Server ABAP | =750 | |
SAP NetWeaver Application Server ABAP | =751 | |
SAP NetWeaver Application Server ABAP | =752 | |
SAP NetWeaver Application Server ABAP | =753 | |
SAP NetWeaver Application Server ABAP | =754 | |
SAP NetWeaver Application Server ABAP | =755 | |
SAP NetWeaver Application Server ABAP | =756 | |
SAP NetWeaver Application Server ABAP | =757 | |
SAP NetWeaver Application Server ABAP | =791 | |
The vulnerability ID for this issue is CVE-2023-27270.
CVE-2023-27270 has a severity rating of 6.5 (medium).
Versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791 of SAP NetWeaver Application Server for ABAP and ABAP Platform are affected by CVE-2023-27270.
CVE-2023-27270 allows an attacker authenticated as a non-administrative user to craft a request with certain parameters against a class for test purposes, consuming enough of the server's resources to make it unavailable.
SAP has provided fixes for CVE-2023-27270. Refer to the official SAP support page and documentation for more information.