What is CVE-2023-40308?

CVE-2023-40308 is a high-severity vulnerability in Sap_se Sap Commoncryptolib, classified under Out-of-bounds Write. CVSS score: 7.5/10. Published 2023-09-12.

How severe is CVE-2023-40308?

High severity. CVSS v3 base score is 7.5 out of 10.

Buffer overflow in Sap_se Sap Commoncryptolib

CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There i…

Vulnerability class: Buffer Overflow

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Sap_se Sap Commoncryptolib — versions 8
Sap_se Sap Content Server — versions 6.50, 7.53, 7.54
Sap_se Sap Extended Application Services And Runtime (Xsa) — versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00
Sap_se Sap Hana Database — versions 2.00
Sap_se Sap Host Agent — versions 722
Sap_se Sap Netweaver As Abap, Java And Abap Platform Of S/4hana On-premise — versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54
Sap_se Sapssoext — versions 17
Sap_se Sap Web Dispatcher — versions 7.22EXT, 7.53, 7.54

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

Frequently asked questions

What is CVE-2023-40308?: CVE-2023-40308 is a high-severity vulnerability in Sap_se Sap Commoncryptolib, classified under Out-of-bounds Write. CVSS score: 7.5/10. Published 2023-09-12.
How severe is CVE-2023-40308?: High severity. CVSS v3 base score is 7.5 out of 10.