CVE-2023-40308

Severity: HIGH | CVSS 7.5/10 | EPSS 0.62%

Last modified

CVE-2023-40308 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library; this in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information. EPSS estimates a 0.62% chance of exploitation in the next 30 days.

Description

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library; this in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
0.62%

45.2nd percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
SAP | CommonCryptoLib | 8.0.0
SAP | Content Server | 6.50
SAP | Content Server | 7.53
SAP | Content Server | 7.54
SAP | Extended Application Services and Runtime | 1.0
SAP | HANA Database | 2.0
SAP | Host Agent | 722
SAP | NetWeaver Application Server ABAP | 7.22ext
SAP | NetWeaver Application Server ABAP | kernel_7.22
SAP | NetWeaver Application Server ABAP | kernel_7.53
SAP | NetWeaver Application Server ABAP | kernel_7.54
SAP | NetWeaver Application Server ABAP | kernel_7.77
SAP | NetWeaver Application Server ABAP | kernel_7.85
SAP | NetWeaver Application Server ABAP | kernel_7.89
SAP | NetWeaver Application Server ABAP | kernel_7.91
SAP | NetWeaver Application Server ABAP | kernel_7.92
SAP | NetWeaver Application Server ABAP | kernel_7.93
SAP | NetWeaver Application Server ABAP | kernel_8.04
SAP | NetWeaver Application Server ABAP | kernel64nuc_7.22
SAP | NetWeaver Application Server ABAP | kernel64nuc_7.22ext
SAP | NetWeaver Application Server ABAP | kernel64uc_7.22
SAP | NetWeaver Application Server ABAP | kernel64uc_7.22ext
SAP | NetWeaver Application Server ABAP | kernel64uc_7.53
SAP | NetWeaver Application Server ABAP | kernel64uc_8.04
SAP | NetWeaver Application Server Java | kernel_7.22
SAP | NetWeaver Application Server Java | kernel_7.53
SAP | NetWeaver Application Server Java | kernel_7.54
SAP | NetWeaver Application Server Java | kernel_7.77
SAP | NetWeaver Application Server Java | kernel_7.85
SAP | NetWeaver Application Server Java | kernel_7.89
SAP | NetWeaver Application Server Java | kernel_7.91
SAP | NetWeaver Application Server Java | kernel_7.92
SAP | NetWeaver Application Server Java | kernel_7.93
SAP | NetWeaver Application Server Java | kernel_8.04
SAP | NetWeaver Application Server Java | kernel64nuc_7.22
SAP | NetWeaver Application Server Java | kernel64nuc_7.22ext
SAP | NetWeaver Application Server Java | kernel64uc_7.22
SAP | NetWeaver Application Server Java | kernel64uc_7.22ext
SAP | NetWeaver Application Server Java | kernel64uc_7.53
SAP | NetWeaver Application Server Java | kernel64uc_8.04
SAP | SAPSSOEXT | 17.0
SAP | Web Dispatcher | 7.22ext
SAP | Web Dispatcher | 7.53
SAP | Web Dispatcher | 7.54
SAP | Web Dispatcher | 7.77
SAP | Web Dispatcher | 7.85
SAP | Web Dispatcher | 7.89

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-40308?
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library; this in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information.
How severe is CVE-2023-40308?
CVE-2023-40308 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.62% probability of exploitation in the next 30 days.
How do I fix CVE-2023-40308?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test whether your systems are affected.


Source: NVD / NIST