{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-40308", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2023-08-14T07:36:04.796Z", "datePublished": "2023-09-12T01:21:15.083Z", "dateUpdated": "2023-09-12T01:21:15.083Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP CommonCryptoLib", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "8"}]}, {"defaultStatus": "unaffected", "packageName": "KERNEL", "product": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KERNEL 7.22"}, {"status": "affected", "version": "KERNEL 7.53"}, {"status": "affected", "version": "KERNEL 7.54"}, {"status": "affected", "version": "KERNEL 7.77"}, {"status": "affected", "version": "KERNEL 7.85"}, {"status": "affected", "version": "KERNEL 7.89"}, {"status": "affected", "version": "KERNEL 7.91"}, {"status": "affected", "version": "KERNEL 7.92"}, {"status": "affected", "version": "KERNEL 7.93"}, {"status": "affected", "version": "KERNEL 8.04"}, {"status": "affected", "version": "KERNEL64UC 7.22"}, {"status": "affected", "version": "KERNEL64UC 7.22EXT"}, {"status": "affected", "version": "KERNEL64UC 7.53"}, {"status": "affected", "version": "KERNEL64UC 8.04"}, {"status": "affected", "version": "KERNEL64NUC 7.22"}, {"status": "affected", "version": "KERNEL64NUC 7.22EXT"}]}, {"defaultStatus": "unaffected", "product": "SAP Web Dispatcher", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "7.22EXT"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "7.54"}, {"status": "affected", "version": "7.77"}, {"status": "affected", "version": "7.85"}, {"status": "affected", "version": "7.89"}]}, {"defaultStatus": "unaffected", "product": "SAP Content Server", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "6.50"}, {"status": "affected", "version": "7.53"}, {"status": "affected", "version": "7.54"}]}, {"defaultStatus": "unaffected", "product": "SAP HANA Database", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "2.00"}]}, {"defaultStatus": "unaffected", "product": "SAP Host Agent", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "722"}]}, {"defaultStatus": "unaffected", "product": "SAP Extended Application Services and Runtime (XSA)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_EXTENDED_APP_SERVICES 1"}, {"status": "affected", "version": "XS_ADVANCED_RUNTIME 1.00"}]}, {"defaultStatus": "unaffected", "product": "SAPSSOEXT", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "17"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.</p>"}], "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476: Pointer Dereference", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2023-09-12T01:21:15.083Z"}, "references": [{"url": "https://me.sap.com/notes/3327896"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Memory Corruption vulnerability in SAP CommonCryptoLib", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "92E07A81-F35C-4BF4-8AB4-E5B3C3D09487", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*", "matchCriteriaId": "85520864-E99A-4576-847C-5E0EA1E6CEC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "A02FB973-7FA0-4881-B912-27F4CFBDC673", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "ED7FD33E-6870-48EB-8695-67B9169D1808", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FF475F4D-11D8-401A-BAB8-8A31E81CEEEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "30B0858F-6AE9-4163-B001-1481FD3AFF9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*", "matchCriteriaId": "6A56308E-B097-49F3-8963-1F34E8716CD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "AF64539B-0DE2-4076-91B9-F03F4DDFAE2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "6C07042F-C47F-441E-AB32-B58A066909E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "DBC44C62-0BFD-4170-B094-C82DEA473938", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*", "matchCriteriaId": "D99F18BB-B44E-48B5-BD7C-D20E40915268", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "208F59B2-7D79-4E0E-97DA-AEB9976C8EEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*", "matchCriteriaId": "A120BC2E-92B2-404A-ADF6-F1AF512631E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*", "matchCriteriaId": "56F63498-DAC3-40EE-9625-51FA522BA0DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*", "matchCriteriaId": "06155DA1-7EDD-4EBA-8EBB-F7352F4EC7D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*", "matchCriteriaId": "104EE65A-202C-4F4E-B725-791A73687167", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*", "matchCriteriaId": "0269C487-81F8-4240-BEF8-1A7C33864519", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "379FDFC8-947E-4D09-A9DD-4B3F7481F648", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "7184F3A2-3408-4B7E-BEA6-BBF55909969F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "BB2D30A5-DB16-4CB7-8135-3CE106FA5477", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "D1657980-CBAC-41AC-A20E-18D7199EA244", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "771ED2D0-3BC5-4C36-BCEB-1A1C46667363", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "0F05534F-3D2B-4983-9CC1-3A8BC7D421C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "AE19A598-2F90-4014-AC5B-352FBC154907", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "97EDAAC4-4885-46CE-860A-DDF92FF205C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "4E53E262-A23E-4D99-B2D8-DDCBEED85EA2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*", "matchCriteriaId": "F7E61257-B187-4A83-96BD-D53CE11061D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*", "matchCriteriaId": "34E0B493-0860-4074-A383-F9C2A06EA8E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*", "matchCriteriaId": "D338B951-5C8F-4C14-931C-5F8AEA7F5924", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*", "matchCriteriaId": "525603B5-ADDC-4F58-B730-FC748A56D6E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*", "matchCriteriaId": "CA2270AE-437E-4FDE-9F53-690C0BCF9C2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*", "matchCriteriaId": "BD374580-7D80-4D7F-8D89-8F52F2DEA8D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*", "matchCriteriaId": "59253D09-D58D-4013-8F29-2172C1B83AA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "21316691-9A18-4B41-915E-491225CEF966", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "2BB08C06-0E07-4317-B1AC-C1ECCF931E7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "8692B960-38A9-4035-88F5-C33D15B6A018", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*", "matchCriteriaId": "1D9E47FB-D39A-40C3-AEEE-D6A5AE27F063", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "80C5A218-C623-41C5-A001-304046608CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*", "matchCriteriaId": "92E7B426-D50F-4AEE-B6F3-5D00C8A195F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*", "matchCriteriaId": "039A11C9-D9D1-42BC-8DD4-2BCDAAF464CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "784CA842-6657-4A02-96B0-76A66AC469C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*", "matchCriteriaId": "D3F76E6A-2F27-450C-AAB5-E49A64079CAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "47D4D542-2EC2-490B-B4E9-3E7BB8D59B77", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "950DF1E2-990E-41EF-8779-CEC54C7CDC60", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*", "matchCriteriaId": "E33D9481-3CF6-4AA3-B115-7903AC6DAE25", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*", "matchCriteriaId": "F74EE4D5-E968-4851-89E6-4152F64930F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*", "matchCriteriaId": "097ED3E8-49B1-497E-BD43-28C397FBEAE8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP CommonCryptoLib\u00a0allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n"}, {"lang": "es", "value": "SAP CommonCryptoLib permite que un atacante no autenticado cree una solicitud que, cuando se env\u00eda a un puerto abierto, provoca un error de corrupci\u00f3n de memoria en una librer\u00eda, lo que a su vez provoca que el componente de target falle y deje de estar disponible. No hay posibilidad de ver o modificar ninguna informaci\u00f3n."}], "id": "CVE-2023-40308", "lastModified": "2023-09-15T17:10:03.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2023-09-12T02:15:12.610", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://me.sap.com/notes/3327896"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "cna@sap.com", "type": "Primary"}]}

{}