CVE-2023-37491: Improper Authorization check vulnerability in SAP Message Server
First published: Tue Aug 08 2023(Updated: )
The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Message Server | =kernel_7.22 | |
| SAP Message Server | =kernel_7.53 | |
| SAP Message Server | =kernel_7.54 | |
| SAP Message Server | =kernel_7.77 | |
| SAP Message Server | =krnl64nuc_7.22 | |
| SAP Message Server | =krnl64nuc_7.22ex | |
| SAP Message Server | =rnl64uc_7.22 | |
| SAP Message Server | =rnl64uc_7.22ext | |
| SAP Message Server | =rnl64uc_7.53 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID of this vulnerability is CVE-2023-37491.
What is the severity level of CVE-2023-37491?
CVE-2023-37491 has a severity level of 8.8 (High).
Which versions of SAP Message Server are affected by CVE-2023-37491?
The versions of SAP Message Server affected by CVE-2023-37491 are KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, and KRNL64NUC 7.22EXT.
How can an authenticated malicious user bypass the ACL of SAP Message Server?
An authenticated malicious user can bypass the ACL of SAP Message Server in certain conditions, which may enable them to enter the network.
How can I fix the vulnerability CVE-2023-37491?
To fix the vulnerability CVE-2023-37491, it is recommended to apply the necessary security patches provided by SAP and follow their recommended guidance.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/severity
- agent/title
- agent/first-publish-date
- agent/weakness
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/sap
- canonical/sap message server
- version/sap message server/kernel_7.22
- version/sap message server/kernel_7.53
- version/sap message server/kernel_7.54
- version/sap message server/kernel_7.77
- version/sap message server/krnl64nuc_7.22
- version/sap message server/krnl64nuc_7.22ex
- version/sap message server/rnl64uc_7.22
- version/sap message server/rnl64uc_7.22ext
- version/sap message server/rnl64uc_7.53