
THREATINT
PUBLISHED

CVE-2023-37491

Improper Authorization check vulnerability in SAP Message Server



Description

The ACL (Access Control List) of SAP Message Server (versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT) can be bypassed under certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message Server. This may lead to unauthorized reading and writing of data, as well as rendering the system unavailable.

Reserved 2023-07-06 | Published 2023-08-08 | Updated 2024-10-22 | Assigner sap


HIGH: 7.5 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-863: Incorrect Authorization

Product status

Default status: unaffected

KERNEL 7.22: affected
KERNEL 7.53: affected
KERNEL 7.54: affected
KERNEL 7.77: affected
RNL64UC 7.22: affected
RNL64UC 7.22EXT: affected
RNL64UC 7.53: affected
KRNL64NUC 7.22: affected
KRNL64NUC 7.22EXT: affected

References

me.sap.com/notes/3344295

www.sap.com/.../02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

cve.org (CVE-2023-37491)

nvd.nist.gov (CVE-2023-37491)
