CVE-2023-25618
Published on: Not Yet Published
Last Modified on: 04/11/2023 10:15:00 PM UTC
Certain versions of Netweaver Application Server Abap from Sap contain the following vulnerability:
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
- CVE-2023-25618 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.5 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | NONE | NONE | HIGH |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| No Description Provided | launchpad.support.sap.com text/html |
MISC launchpad.support.sap.com/#/notes/3296346 |
| SAP Patch Day Blog | web.archive.org text/html Inactive LinkNot Archived |
MISC www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
Related QID Numbers
- 87537 SAP NetWeaver AS for ABAP and ABAP Platform Multiple Vulnerabilities
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Netweaver Application Server Abap | 700 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 701 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 702 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 731 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 740 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 750 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 751 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 752 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 753 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 754 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 755 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 756 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 757 | All | All | All |
| Application | Sap | Netweaver Application Server Abap | 791 | All | All | All |
- cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*:
- cpe:2.3:a:sap:netweaver_application_server_abap:791:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2023-25618 : #SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 7… twitter.com/i/web/status/1… | 2023-03-14 05:07:29 |
 /r/netcve |
CVE-2023-25618 | 2023-03-14 05:38:21 |