Vulnerability Details CVE-2023-35874
SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.8%
CVSS Severity
CVSS v3 Score 6.0
References
Products affected by CVE-2023-35874
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.81
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92
-
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64nuc_7.22ext
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.22ext
-
cpe:2.3:a:sap:netweaver_application_server_abap:krnl64uc_7.53