CVE-2023-27270: Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform
First published: Tue Mar 14 2023(Updated: )
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes in which an attacker authenticated as a non-administrative user can craft a request with certain parameters, which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server ABAP | =700 | |
| SAP NetWeaver Application Server ABAP | =701 | |
| SAP NetWeaver Application Server ABAP | =702 | |
| SAP NetWeaver Application Server ABAP | =731 | |
| SAP NetWeaver Application Server ABAP | =740 | |
| SAP NetWeaver Application Server ABAP | =750 | |
| SAP NetWeaver Application Server ABAP | =751 | |
| SAP NetWeaver Application Server ABAP | =752 | |
| SAP NetWeaver Application Server ABAP | =753 | |
| SAP NetWeaver Application Server ABAP | =754 | |
| SAP NetWeaver Application Server ABAP | =755 | |
| SAP NetWeaver Application Server ABAP | =756 | |
| SAP NetWeaver Application Server ABAP | =757 | |
| SAP NetWeaver Application Server ABAP | =791 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-27270.
What is the severity of CVE-2023-27270?
CVE-2023-27270 has a severity rating of 6.5 (medium).
Which versions of SAP NetWeaver Application Server for ABAP and ABAP Platform are affected by CVE-2023-27270?
Versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791 of SAP NetWeaver Application Server for ABAP and ABAP Platform are affected by CVE-2023-27270.
What is the impact of CVE-2023-27270?
CVE-2023-27270 allows an attacker authenticated as a non-administrative user to craft a request with certain parameters, leading to multiple vulnerabilities in a class for test purposes.
Are there any fixes available for CVE-2023-27270?
Yes, SAP has provided fixes for CVE-2023-27270. Please refer to the official SAP support page and documentation for more information.
- collector/nvd-index
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/sap
- canonical/sap netweaver application server abap
- version/sap netweaver application server abap/700
- version/sap netweaver application server abap/701
- version/sap netweaver application server abap/702
- version/sap netweaver application server abap/731
- version/sap netweaver application server abap/740
- version/sap netweaver application server abap/750
- version/sap netweaver application server abap/751
- version/sap netweaver application server abap/752
- version/sap netweaver application server abap/753
- version/sap netweaver application server abap/754
- version/sap netweaver application server abap/755
- version/sap netweaver application server abap/756
- version/sap netweaver application server abap/757
- version/sap netweaver application server abap/791