CVE-2023-40309 - Vulnerability Details

- Missing Authorization check in SAP CommonCryptoLib

Description

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.

Published: 2023-09-12

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

SAP_SE

SAP CommonCryptoLib

unaffected

Version	Status	Constraints
`8`	affected	—

SAP_SE

SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise

unaffected

Version	Status	Constraints
`KERNEL 7.22`	affected	—
`KERNEL 7.53`	affected	—
`KERNEL 7.54`	affected	—
`KERNEL 7.77`	affected	—
`KERNEL 7.85`	affected	—
`KERNEL 7.89`	affected	—
`KERNEL 7.91`	affected	—
`KERNEL 7.92`	affected	—
`KERNEL 7.93`	affected	—
`KERNEL 8.04`	affected	—
`KERNEL64UC 7.22`	affected	—
`KERNEL64UC 7.22EXT`	affected	—
`KERNEL64UC 7.53`	affected	—
`KERNEL64UC 8.04`	affected	—
`KERNEL64NUC 7.22`	affected	—
`KERNEL64NUC 7.22EXT`	affected	—

SAP_SE

SAP Web Dispatcher

unaffected

Version	Status	Constraints
`7.22EXT`	affected	—
`7.53`	affected	—
`7.54`	affected	—
`7.77`	affected	—
`7.85`	affected	—
`7.89`	affected	—

SAP_SE

SAP Content Server

unaffected

Version	Status	Constraints
`6.50`	affected	—
`7.53`	affected	—
`7.54`	affected	—

SAP_SE

SAP HANA Database

unaffected

Version	Status	Constraints
`2.00`	affected	—

SAP_SE

SAP Host Agent

unaffected

Version	Status	Constraints
`722`	affected	—

SAP_SE

SAP Extended Application Services and Runtime (XSA)

unaffected

Version	Status	Constraints
`SAP_EXTENDED_APP_SERVICES 1`	affected	—
`XS_ADVANCED_RUNTIME 1.00`	affected	—

SAP_SE

SAPSSOEXT

unaffected

Version	Status	Constraints
`17`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:sap:commoncryptolib:8.0.0:::::::*
	cpe:2.3:a:sap:content_server:6.50:::::::*
	cpe:2.3:a:sap:content_server:7.53:::::::*
	cpe:2.3:a:sap:content_server:7.54:::::::*
	cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:::::::*
	cpe:2.3:a:sap:hana_database:2.0:::::::*
	cpe:2.3:a:sap:host_agent:722:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:::::::*
	cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:::::::*
	cpe:2.3:a:sap:sapssoext:17.0:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.22ext:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.53:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.54:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.77:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.85:::::::*
	cpe:2.3:a:sap:web_dispatcher:7.89:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-44901	SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00162.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://me.sap.com/notes/3340576
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

History

Sat, 28 Sep 2024 22:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-862

Sat, 28 Sep 2024 22:15:00 +0000

Type	Values Removed	Values Added
Description	SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.	SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
Weaknesses		CWE-863

Thu, 26 Sep 2024 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Sap Commoncryptolib Content Server Extended Application Services And Runtime Hana Database Host Agent Netweaver Application Server Abap Netweaver Application Server Java Sapssoext Web Dispatcher

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-09-12T02:21:19.058Z

Updated: 2024-09-28T22:10:46.845Z

Reserved: 2023-08-14T07:36:04.796Z

Link: CVE-2023-40309

Vulnrichment

Updated: 2024-08-02T18:31:53.172Z

NVD

Status : Modified

Published: 2023-09-12T03:15:12.073

Modified: 2024-11-21T08:19:12.560

Link: CVE-2023-40309

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-863

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object