CVE-2023-28763: SAP NetWeaver ABAP DoS via crafted request
CVE-2023-28763 Published on April 11, 2023
Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
Vulnerability Analysis
CVE-2023-28763 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2023-28763 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2023-28763
Want to know whenever a new CVE is published for SAP Netweaver Application Server Abap? stack.watch will email you.
Affected Versions
SAP NetWeaver AS for ABAP and ABAP Platform:- Version 740 is affected.
- Version 750 is affected.
- Version 751 is affected.
- Version 752 is affected.
- Version 753 is affected.
- Version 754 is affected.
- Version 755 is affected.
- Version 756 is affected.
- Version 757 is affected.
- Version 791 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.