CVE-2023-41366

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

Published: Nov 14, 2023
Updated: Nov 21, 2023
CVE: CVE-2023-41366
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-497

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	kernel_7.53	kernel_7.53.x
sap / netweaver_application_server_abap	kernel_7.77	kernel_7.77.x
sap / netweaver_application_server_abap	kernel_7.22	kernel_7.22.x
sap / netweaver_application_server_abap	kernel_7.85	kernel_7.85.x
sap / netweaver_application_server_abap	kernel_7.89	kernel_7.89.x
sap / netweaver_application_server_abap	kernel_7.54	kernel_7.54.x
sap / netweaver_application_server_abap	kernel_7.92	kernel_7.92.x
sap / netweaver_application_server_abap	kernel_7.93	kernel_7.93.x
sap / netweaver_application_server_abap	kernel64nuc_7.22	kernel64nuc_7.22.x
sap / netweaver_application_server_abap	kernel64nuc_7.22ext	kernel64nuc_7.22ext.x
sap / netweaver_application_server_abap	kernel64uc_7.22	kernel64uc_7.22.x
sap / netweaver_application_server_abap	kernel64uc_7.22ext	kernel64uc_7.22ext.x
sap / netweaver_application_server_abap	kernel64uc_7.53	kernel64uc_7.53.x
sap / netweaver_application_server_abap	kernel_7.91	kernel_7.91.x
sap / netweaver_application_server_abap	kernel_7.94	kernel_7.94.x

Vulnerability Database

289,697

CVE-2023-41366