CVE-2023-37492

MEDIUM

SAP NetWeaver Application Server ABAP - Missing Authorization Checks

Title source: llm

Description

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3348000

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 4.9

EPSS 0.0011

EPSS Percentile 28.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862 CWE-863

Status published

Products (15)

sap/netweaver_application_server_abap 700

sap/netweaver_application_server_abap 701

sap/netweaver_application_server_abap 702

sap/netweaver_application_server_abap 731

sap/netweaver_application_server_abap 740

sap/netweaver_application_server_abap 750

sap/netweaver_application_server_abap 752

sap/netweaver_application_server_abap 753

sap/netweaver_application_server_abap 754

sap/netweaver_application_server_abap 755

... and 5 more

Published Aug 08, 2023

Tracked Since Feb 18, 2026