CVE-2023-25618

MEDIUM

SAP NetWeaver Application Server ABAP - Authenticated Denial of Service via Error Handling Class

Title source: llm

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/3296346

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.5

EPSS 0.0054

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (14)

sap/netweaver_application_server_abap 700

sap/netweaver_application_server_abap 701

sap/netweaver_application_server_abap 702

sap/netweaver_application_server_abap 731

sap/netweaver_application_server_abap 740

sap/netweaver_application_server_abap 750

sap/netweaver_application_server_abap 751

sap/netweaver_application_server_abap 752

sap/netweaver_application_server_abap 753

sap/netweaver_application_server_abap 754

... and 4 more

Published Mar 14, 2023

Tracked Since Feb 18, 2026