ID

VAR-202307-1066


CVE

CVE-2023-35873


TITLE

Vulnerability regarding lack of authentication for critical features in SAP NetWeaver Process Integration from SAP

Trust: 0.8

sources: JVNDB: JVNDB-2023-021769

DESCRIPTION

The Runtime Workbench (RWB) of SAP NetWeaver Process Integration (version SAP_XITOOL 7.50) does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation, an attacker can cause limited impact on confidentiality and availability of the application. SAP NetWeaver Process Integration from SAP contains a vulnerability regarding lack of authentication for critical features. Information may be obtained and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-35873 // JVNDB: JVNDB-2023-021769 // VULMON: CVE-2023-35873

AFFECTED PRODUCTS

vendor: sap, model: netweaver process integration, scope: eq, version: 7.50

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: -, version: -

Trust: 0.8

vendor: sap, model: netweaver process integration, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-021769 // NVD: CVE-2023-35873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-35873
value: MEDIUM

Trust: 1.0

cna@sap.com: CVE-2023-35873
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-35873
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202307-685
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-35873
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 2.0

NVD: CVE-2023-35873
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-021769 // CNNVD: CNNVD-202307-685 // NVD: CVE-2023-35873 // NVD: CVE-2023-35873

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype: Lack of authentication for critical features (CWE-306) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021769 // NVD: CVE-2023-35873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-685

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202307-685

PATCH

title: SAP NetWeaver Process Integration Fixes for access control error vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246817

Trust: 0.6

sources: CNNVD: CNNVD-202307-685

EXTERNAL IDS

db: NVD, id: CVE-2023-35873

Trust: 3.3

db: JVNDB, id: JVNDB-2023-021769

Trust: 0.8

db: CNNVD, id: CNNVD-202307-685

Trust: 0.6

db: VULMON, id: CVE-2023-35873

Trust: 0.1

sources: VULMON: CVE-2023-35873 // JVNDB: JVNDB-2023-021769 // CNNVD: CNNVD-202307-685 // NVD: CVE-2023-35873

REFERENCES

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 2.5

url:https://me.sap.com/notes/3343547

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2023-35873

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-35873/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-35873 // JVNDB: JVNDB-2023-021769 // CNNVD: CNNVD-202307-685 // NVD: CVE-2023-35873

SOURCES

db: VULMON, id: CVE-2023-35873
db: JVNDB, id: JVNDB-2023-021769
db: CNNVD, id: CNNVD-202307-685
db: NVD, id: CVE-2023-35873

LAST UPDATE DATE

2024-08-14T14:01:44.997000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-35873, date: 2023-07-11T00:00:00
db: JVNDB, id: JVNDB-2023-021769, date: 2024-01-19T08:08:00
db: CNNVD, id: CNNVD-202307-685, date: 2023-07-20T00:00:00
db: NVD, id: CVE-2023-35873, date: 2023-07-19T15:27:53.343

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-35873, date: 2023-07-11T00:00:00
db: JVNDB, id: JVNDB-2023-021769, date: 2024-01-19T00:00:00
db: CNNVD, id: CNNVD-202307-685, date: 2023-07-11T00:00:00
db: NVD, id: CVE-2023-35873, date: 2023-07-11T03:15:09.993