SAP NetWeaver ABAP Privilege Escalation via Missing Auth Checks
CVE-2023-37492 Published on August 8, 2023
Missing Authorization check in SAP NetWeaver AS ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.
Vulnerability Analysis
CVE-2023-37492 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2023-37492 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2023-37492
Want to know whenever a new CVE is published for SAP Netweaver Application Server Abap? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver AS ABAP and ABAP Platform:- Version SAP_BASIS 700 is affected.
- Version SAP_BASIS 701 is affected.
- Version SAP_BASIS 702 is affected.
- Version SAP_BASIS 731 is affected.
- Version SAP_BASIS 740 is affected.
- Version SAP_BASIS 750 is affected.
- Version SAP_BASIS 752 is affected.
- Version SAP_BASIS 753 is affected.
- Version SAP_BASIS 754 is affected.
- Version SAP_BASIS 755 is affected.
- Version SAP_BASIS 756 is affected.
- Version SAP_BASIS 757 is affected.
- Version SAP_BASIS 758 is affected.
- Version SAP_BASIS 793 is affected.
- Version SAP_BASIS 804 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.