SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.
History
Sat, 28 Sep 2024 22:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-862 |
Sat, 28 Sep 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. | SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. |
Weaknesses | CWE-863 |
Thu, 26 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc |
MITRE
Status: PUBLISHED
Assigner: sap
Published: 2023-09-12T02:21:19.058Z
Updated: 2024-09-28T22:10:46.845Z
Reserved: 2023-08-14T07:36:04.796Z
Link: CVE-2023-40309
Vulnrichment
Updated: 2024-08-02T18:31:53.172Z
NVD
Status: Modified
Published: 2023-09-12T03:15:12.073
Modified: 2024-11-21T08:19:12.560
Link: CVE-2023-40309
Redhat
No data.