CVE-2023-25615

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

D

ue to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.

References

Link	Resource
https://launchpad.support.sap.com/#/notes/3289844	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
https://launchpad.support.sap.com/#/notes/3289844	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:abap_platform:751:::::::*
	cpe:2.3:a:sap:abap_platform:753:::::::*
	cpe:2.3:a:sap:abap_platform:754:::::::*
	cpe:2.3:a:sap:abap_platform:756:::::::*
	cpe:2.3:a:sap:abap_platform:757:::::::*
	cpe:2.3:a:sap:abap_platform:791:::::::*

History

21 Nov 2024, 07:49

Type	Values Removed	Values Added
References	~~() https://launchpad.support.sap.com/#/notes/3289844 - Permissions Required~~	() https://launchpad.support.sap.com/#/notes/3289844 - Permissions Required
References	~~() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory~~	() https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.9~~	v2 : unknown v3 : 6.8

Information

Published : 2023-03-14 05:15

Updated : 2024-11-21 07:49

NVD link : CVE-2023-25615

Mitre link : CVE-2023-25615

CVE.ORG link : CVE-2023-25615

JSON object : View

Products Affected

abap_platform

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-25615", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2023-03-14T05:15:29.673", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3289844", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://launchpad.support.sap.com/#/notes/3289844", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.\n\n"}], "lastModified": "2024-11-21T07:49:50.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65320F25-669B-40D8-A246-07B0202C00A9"}, {"criteria": "cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1C86F45-445E-4970-A378-199A35B23F4B"}, {"criteria": "cpe:2.3:a:sap:abap_platform:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74901A8A-A556-478F-ABCD-7DCFD471210A"}, {"criteria": "cpe:2.3:a:sap:abap_platform:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "623B6391-B1E3-4C2A-93C9-AB264377BACB"}, {"criteria": "cpe:2.3:a:sap:abap_platform:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A11684D-9F45-4EE6-92B4-55050A0D8715"}, {"criteria": "cpe:2.3:a:sap:abap_platform:791:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D006CEB-0A2F-4D25-804F-4EB78C317ECF"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}