SAP ABAP session hijacking via unsanitized DB queries
CVE-2023-25615 Published on March 14, 2023
SQL Injection vulnerability in SAP ABAP Platform
Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.
Vulnerability Analysis
CVE-2023-25615 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2023-25615 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2023-25615
Want to know whenever a new CVE is published for SAP Abap Platform? stack.watch will email you.
Affected Versions
SAP ABAP Platform:- Version 751 is affected.
- Version 753 is affected.
- Version 754 is affected.
- Version 756 is affected.
- Version 757 is affected.
- Version 791 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.