SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
History

Sat, 28 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-862

Sat, 28 Sep 2024 22:15:00 +0000

Type Values Removed Values Added
Description SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
Weaknesses CWE-863

Thu, 26 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-09-12T02:21:19.058Z

Updated: 2024-09-28T22:10:46.845Z

Reserved: 2023-08-14T07:36:04.796Z

Link: CVE-2023-40309

cve-icon Vulnrichment

Updated: 2024-08-02T18:31:53.172Z

cve-icon NVD

Status : Modified

Published: 2023-09-12T03:15:12.073

Modified: 2024-11-21T08:19:12.560

Link: CVE-2023-40309

cve-icon Redhat

No data.