CVE-2023-35874

MEDIUM

SAP NetWeaver Application Server ABAP and ABAP Platform - Missing Authentication for Critical Function

Title source: llm

Description

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3318850

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.0

EPSS 0.0014

EPSS Percentile 33.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (14)

sap/netweaver_application_server_abap kernel_7.22

sap/netweaver_application_server_abap kernel_7.53

sap/netweaver_application_server_abap kernel_7.54

sap/netweaver_application_server_abap kernel_7.77

sap/netweaver_application_server_abap kernel_7.81

sap/netweaver_application_server_abap kernel_7.85

sap/netweaver_application_server_abap kernel_7.89

sap/netweaver_application_server_abap kernel_7.92

sap/netweaver_application_server_abap kernel_7.93

sap/netweaver_application_server_abap krnl64nuc_7.22

... and 4 more

Published Jul 11, 2023

Tracked Since Feb 18, 2026