Authentication bypass in SAP CommonCryptoLib (SAP SE)
CVE-2023-40309
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of…
Vulnerability class: Broken Access Control
EPSS: 0.002 (36.8th percentile).
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- SAP CommonCryptoLib — versions 8
- SAP Content Server — versions 6.50, 7.53, 7.54
- SAP Extended Application Services and Runtime (XSA) — versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00
- SAP HANA Database — versions 2.00
- SAP Host Agent — versions 722
- SAP NetWeaver AS ABAP, Java and ABAP Platform of S/4HANA On-premise — versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54
- SAPSSOEXT — versions 17
- SAP Web Dispatcher — versions 7.22EXT, 7.53, 7.54
Frequently asked questions
- What is CVE-2023-40309?
- CVE-2023-40309 is a critical-severity vulnerability in SAP CommonCryptoLib (SAP SE), classified under Incorrect Authorization. CVSS score: 9.8/10. Published 2023-09-12.
- How severe is CVE-2023-40309?
- Critical severity. CVSS v3 base score is 9.8 out of 10.