CVE-2023-25618— SAP NetWeaver Application Server 资源管理错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-25618の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Denial of Service (DoS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform
ソース: NVD (National Vulnerability Database)
脆弱性説明
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with certain parameters which will consume the server's resources sufficiently to make it unavailable. There is no ability to view or modify any information.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
未加控制的资源消耗(资源穷尽)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
SAP NetWeaver Application Server 资源管理错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
SAP NetWeaver Application Server是德国思爱普(SAP)公司的一款应用程序服务器。 SAP NetWeaver Application Server存在资源管理错误漏洞,该漏洞源于存在错误处理类,攻击者利用该漏洞可以使用某些参数制作请求消耗服务器的资源以使其不可用。以下产品和版本受到影响:SAP NetWeaver Application Server 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 75
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| SAP | NetWeaver AS for ABAP and ABAP Platform | 700 | - |
II. CVE-2023-25618の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-25618のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · SAP · 2023-03-14 · 21 CVEs total
| CVE-2023-23857 | 9.9 CRITICAL | Improper Access Control in SAP NetWeaver AS for Java |
| CVE-2023-25616 | 9.9 CRITICAL | Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC) |
| CVE-2023-27500 | 9.6 CRITICAL | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-27269 | 9.6 CRITICAL | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-25617 | 9.0 CRITICAL | OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform |
| CVE-2023-27893 | 8.8 HIGH | Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI) |
| CVE-2023-27501 | 8.7 HIGH | Directory Traversal vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-26459 | 7.4 HIGH | Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Pla |
| CVE-2023-27498 | 7.2 HIGH | Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL) |
| CVE-2023-25615 | 6.8 MEDIUM | SQL Injection vulnerability in SAP ABAP Platform |
| CVE-2023-26461 | 6.8 MEDIUM | XML External Entity (XXE) vulnerability in SAP NetWeaver (SAP Enterprise Portal) |
| CVE-2023-27896 | 6.5 MEDIUM | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platfo |
| CVE-2023-27271 | 6.5 MEDIUM | Server Side Request Forgery (SSRF) in the SAP BusinessObjects Business Intelligence platfo |
| CVE-2023-27270 | 6.5 MEDIUM | Denial of Service (DoS) in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-26457 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Content Server |
| CVE-2023-27895 | 6.1 MEDIUM | Information Disclosure vulnerability in SAP Authenticator for Android |
| CVE-2023-27268 | 5.3 MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Object Analyzing Service) |
| CVE-2023-26460 | 5.3 MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Cache Management Service) |
| CVE-2023-24526 | 5.3 MEDIUM | Improper Access Control in SAP NetWeaver AS Java (Classload Service) |
| CVE-2023-27894 | 5.0 MEDIUM | Sensitive Information Disclosure in the SAP BusinessObjects Business Intelligence platform |
IV. 関連脆弱性
同じベンダー: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29187
DLL Hijacking vulnerability in SapSetup (Software Installati - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr
同じ弱点: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. CVE-2023-25618へのコメント
まだコメントはありません