CVE-2023-25615

MEDIUM

SAP ABAP Platform 751, 753, 754, 756, 757, 791 - Authenticated SQL Injection

Title source: llm

Description

Due to insufficient input sanitization, SAP ABAP (versions 751, 753, 754, 756, 757, 791) allows an authenticated, high-privileged user to alter the current session of the user by injecting malicious database queries over the network and gain access to unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.

Scores

CVSS v3 6.8
EPSS 0.0053
EPSS Percentile 67.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (6)
sap/abap_platform 751
sap/abap_platform 753
sap/abap_platform 754
sap/abap_platform 756
sap/abap_platform 757
sap/abap_platform 791
Published Mar 14, 2023
Tracked Since Feb 18, 2026