CVE-2023-35874

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Published: Jul 11, 2023
Updated: May 4, 2025
CVE: CVE-2023-35874
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	krnl64uc_7.53	krnl64uc_7.53.x
sap / netweaver_application_server_abap	kernel_7.53	kernel_7.53.x
sap / netweaver_application_server_abap	kernel_7.77	kernel_7.77.x
sap / netweaver_application_server_abap	kernel_7.81	kernel_7.81.x
sap / netweaver_application_server_abap	krnl64nuc_7.22	krnl64nuc_7.22.x
sap / netweaver_application_server_abap	krnl64nuc_7.22ext	krnl64nuc_7.22ext.x
sap / netweaver_application_server_abap	kernel_7.22	kernel_7.22.x
sap / netweaver_application_server_abap	krnl64uc_7.22	krnl64uc_7.22.x
sap / netweaver_application_server_abap	krnl64uc_7.22ext	krnl64uc_7.22ext.x
sap / netweaver_application_server_abap	kernel_7.85	kernel_7.85.x
sap / netweaver_application_server_abap	kernel_7.89	kernel_7.89.x
sap / netweaver_application_server_abap	kernel_7.54	kernel_7.54.x
sap / netweaver_application_server_abap	kernel_7.92	kernel_7.92.x
sap / netweaver_application_server_abap	kernel_7.93	kernel_7.93.x

Vulnerability Database

289,697

CVE-2023-35874