What is the severity of CVE-2023-36922?

The severity of CVE-2023-36922 is critical.

What is the common vulnerability and exposure ID for SAP NetWeaver ABAP (IS-OIL) version 600?

The common vulnerability and exposure ID for SAP NetWeaver ABAP (IS-OIL) version 600 is CVE-2023-36922.

How can I fix CVE-2023-36922 in SAP NetWeaver ABAP (IS-OIL)?

Apply the necessary security patches provided by SAP to fix CVE-2023-36922 in SAP NetWeaver ABAP (IS-OIL).

Where can I find more information about CVE-2023-36922?

You can find more information about CVE-2023-36922 at the following references: [Link 1](https://me.sap.com/notes/3350297) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).

Vulnerability/
CVE-2023-36922

critical

9.1

CWE

11/7/2023

9/12/2023

CVE-2023-36922: OS command injection vulnerability in SAP ECC and SAP S/4HANA (IS-OIL)

First published: Tue Jul 11 2023(Updated: )

Due to programming error in function module or report, SAP NetWeaver ABAP (IS-OIL) - versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension. On successful exploitation, the attacker can read or modify the system data as well as shut down the system.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver	=600
SAP NetWeaver	=602
SAP NetWeaver	=603
SAP NetWeaver	=604
SAP NetWeaver	=605
SAP NetWeaver	=606
SAP NetWeaver	=617
SAP NetWeaver	=618
SAP NetWeaver	=800
SAP NetWeaver	=802
SAP NetWeaver	=803
SAP NetWeaver	=804
SAP NetWeaver	=805
SAP NetWeaver	=806
SAP NetWeaver	=807

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-36922?
The severity of CVE-2023-36922 is critical.
What is the common vulnerability and exposure ID for SAP NetWeaver ABAP (IS-OIL) version 600?
The common vulnerability and exposure ID for SAP NetWeaver ABAP (IS-OIL) version 600 is CVE-2023-36922.
How does CVE-2023-36922 affect SAP NetWeaver ABAP (IS-OIL)?
CVE-2023-36922 allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) module or report.
How can I fix CVE-2023-36922 in SAP NetWeaver ABAP (IS-OIL)?
Apply the necessary security patches provided by SAP to fix CVE-2023-36922 in SAP NetWeaver ABAP (IS-OIL).
Where can I find more information about CVE-2023-36922?
You can find more information about CVE-2023-36922 at the following references: [Link 1](https://me.sap.com/notes/3350297) and [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/mitre-cve
collector/nvd-api
collector/nvd-index
collector/nvd-latest
vendor/sap
canonical/sap netweaver
version/sap netweaver/600
version/sap netweaver/602
version/sap netweaver/603
version/sap netweaver/604
version/sap netweaver/605
version/sap netweaver/606
version/sap netweaver/617
version/sap netweaver/618
version/sap netweaver/800
version/sap netweaver/802
version/sap netweaver/803
version/sap netweaver/804
version/sap netweaver/805
version/sap netweaver/806
version/sap netweaver/807

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.