CVE-2023-29185
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/04/2023
Last modified:
18/04/2023
Description
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server&#39;s resources sufficiently to make it unavailable over the network without any user interaction.<br />
<br />
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:740:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:755:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:756:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_as_abap_business_server_pages:757:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page