CVE-2023-37491 - OpenCVE

The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Message Server

Configuration 1 [-]

OR	cpe:2.3:a:sap:message_server:kernel_7.22:::::::*
	cpe:2.3:a:sap:message_server:kernel_7.53:::::::*
	cpe:2.3:a:sap:message_server:kernel_7.54:::::::*
	cpe:2.3:a:sap:message_server:kernel_7.77:::::::*
	cpe:2.3:a:sap:message_server:krnl64nuc_7.22:::::::*
	cpe:2.3:a:sap:message_server:krnl64nuc_7.22ex:::::::*
	cpe:2.3:a:sap:message_server:rnl64uc_7.22:::::::*
	cpe:2.3:a:sap:message_server:rnl64uc_7.22ext:::::::*
	cpe:2.3:a:sap:message_server:rnl64uc_7.53:::::::*

References

Link	Resource
https://me.sap.com/notes/3344295	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2023-08-08T00:46:40.819Z

Updated: 2023-08-08T00:46:40.819Z

Reserved: 2023-07-06T14:57:18.510Z

Link: CVE-2023-37491

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-08-08T01:15:18.840

Modified: 2023-08-09T18:20:38.800

Link: CVE-2023-37491

JSON object: View

Redhat Information

No data.

CWE

CWE-285

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-37491", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2023-07-06T14:57:18.510Z", "datePublished": "2023-08-08T00:46:40.819Z", "dateUpdated": "2023-08-08T00:46:40.819Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Message Server", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "KERNEL 7.53"}, {"status": "affected", "version": "KERNEL 7.54"}, {"status": "affected", "version": "KERNEL 7.77"}, {"status": "affected", "version": "RNL64UC 7.22"}, {"status": "affected", "version": "RNL64UC 7.22EXT"}, {"status": "affected", "version": "RNL64UC 7.53"}, {"status": "affected", "version": "KRNL64NUC 7.22"}, {"status": "affected", "version": "KRNL64NUC 7.22EXT"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The ACL (Access\u00a0Control\u00a0List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.</p>"}], "value": "The ACL (Access\u00a0Control\u00a0List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2023-08-08T00:46:40.819Z"}, "references": [{"url": "https://me.sap.com/notes/3344295"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Improper Authorization check vulnerability in SAP Message Server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:message_server:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "C5B5281B-885B-4121-9532-E3BDA2325273", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "253C27F5-F9DF-4A73-BEC4-1710A14DD008", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:kernel_7.54:*:*:*:*:*:*:*", "matchCriteriaId": "231F8984-8AF6-4AA1-8E9E-0DA7860F70AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "8066016B-B096-49F2-9DE1-A86C2B863AF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "2A1340C0-7CA8-4CE6-9E20-2ED434EBFD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:krnl64nuc_7.22ex:*:*:*:*:*:*:*", "matchCriteriaId": "4FA177BA-4BEA-48C8-B142-8120E0112551", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "992F4CF6-2ECD-41AF-923C-399C74E1F84D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "D95E9CA2-8B8A-47AF-BD8F-642F59783B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:message_server:rnl64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "D1875FA4-5448-47D5-9E86-416E2DFA5E6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ACL (Access\u00a0Control\u00a0List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.\n\n"}], "id": "CVE-2023-37491", "lastModified": "2023-08-09T18:20:38.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2023-08-08T01:15:18.840", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3344295"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "cna@sap.com", "type": "Primary"}]}