CVE-2023-37492: Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
First published: Tue Aug 08 2023(Updated: )
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server ABAP | =700 | |
| SAP NetWeaver Application Server ABAP | =701 | |
| SAP NetWeaver Application Server ABAP | =702 | |
| SAP NetWeaver Application Server ABAP | =731 | |
| SAP NetWeaver Application Server ABAP | =740 | |
| SAP NetWeaver Application Server ABAP | =750 | |
| SAP NetWeaver Application Server ABAP | =752 | |
| SAP NetWeaver Application Server ABAP | =753 | |
| SAP NetWeaver Application Server ABAP | =754 | |
| SAP NetWeaver Application Server ABAP | =755 | |
| SAP NetWeaver Application Server ABAP | =756 | |
| SAP NetWeaver Application Server ABAP | =757 | |
| SAP NetWeaver Application Server ABAP | =758 | |
| SAP NetWeaver Application Server ABAP | =793 | |
| SAP NetWeaver Application Server ABAP | =804 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-37492?
The severity of CVE-2023-37492 is medium with a CVSS score of 6.5.
Which versions of SAP NetWeaver Application Server ABAP are affected by CVE-2023-37492?
SAP NetWeaver Application Server ABAP versions SAP_BASIS 700 to SAP_BASIS 804 are affected by CVE-2023-37492.
How can I fix CVE-2023-37492?
To fix CVE-2023-37492, apply the necessary security patches provided by SAP.
Are there any references for CVE-2023-37492?
Yes, you can refer to the following links for more information on CVE-2023-37492: [Link 1](https://me.sap.com/notes/3348000), [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
What is the Common Weakness Enumeration (CWE) ID associated with CVE-2023-37492?
The Common Weakness Enumeration (CWE) ID associated with CVE-2023-37492 is CWE-862.
- collector/nvd-index
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap netweaver application server abap
- version/sap netweaver application server abap/700
- version/sap netweaver application server abap/701
- version/sap netweaver application server abap/702
- version/sap netweaver application server abap/731
- version/sap netweaver application server abap/740
- version/sap netweaver application server abap/750
- version/sap netweaver application server abap/752
- version/sap netweaver application server abap/753
- version/sap netweaver application server abap/754
- version/sap netweaver application server abap/755
- version/sap netweaver application server abap/756
- version/sap netweaver application server abap/757
- version/sap netweaver application server abap/758
- version/sap netweaver application server abap/793
- version/sap netweaver application server abap/804