Details of VAR-202306-1289

ID

VAR-202306-1289

CVE

CVE-2023-32114

TITLE

SAP NetWeaver Resource Management Error Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202306-865

DESCRIPTION

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.

Trust: 1.0

sources: NVD: CVE-2023-32114

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	753	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	751	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	740	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	757	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	754	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	752	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	702	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	756	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	731	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	755	Trust: 1.0
vendor:	sap	model:	netweaver	scope:	eq	version:	750	Trust: 1.0

sources: NVD: CVE-2023-32114

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-32114
value:	LOW
Trust: 1.0
cna@sap.com:	CVE-2023-32114
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-202306-865
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2023-32114
baseSeverity:	LOW
baseScore:	2.7
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	1.2
impactScore:	1.4
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202306-865 // NVD: CVE-2023-32114 // NVD: CVE-2023-32114

PROBLEMTYPE DATA

problemtype:

CWE-732

Trust: 1.0

sources: NVD: CVE-2023-32114

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202306-865

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202306-865

PATCH

title:

SAP NetWeaver Remediation of resource management error vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqById.tag?id=242174

Trust: 0.6

sources: CNNVD: CNNVD-202306-865

EXTERNAL IDS

db:	NVD	id:	CVE-2023-32114	Trust: 1.6
db:	CNNVD	id:	CNNVD-202306-865	Trust: 0.6

sources: CNNVD: CNNVD-202306-865 // NVD: CVE-2023-32114

REFERENCES

url:	https://launchpad.support.sap.com/#/notes/3325642	Trust: 1.6
url:	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Trust: 1.6
url:	https://cxsecurity.com/cveshow/cve-2023-32114/	Trust: 0.6

sources: CNNVD: CNNVD-202306-865 // NVD: CVE-2023-32114

SOURCES

db:	CNNVD	id:	CNNVD-202306-865
db:	NVD	id:	CVE-2023-32114

LAST UPDATE DATE

2024-09-29T23:00:39.276000+00:00

SOURCES UPDATE DATE

db:	CNNVD	id:	CNNVD-202306-865	date:	2023-06-19T00:00:00
db:	NVD	id:	CVE-2023-32114	date:	2024-09-28T22:15:02.783

SOURCES RELEASE DATE

db:	CNNVD	id:	CNNVD-202306-865	date:	2023-06-13T00:00:00
db:	NVD	id:	CVE-2023-32114	date:	2023-06-13T03:15:09.393