CERTFR-2023-AVI-0942
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in SAP products. They allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
Vendor | Product | Description
---|---|---
SAP | SAP NetWeaver AS Java | SAP NetWeaver AS Java version 7.5
SAP | N/A | SAPSSOEXT version 17
SAP | N/A | SAPExtended Application Services and Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00
SAP | N/A | SAPHost Agent version 722
SAP | N/A | Product-SAP IQ version 16.0
SAP | N/A | SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89
SAP | N/A | Product-SAP ASE versions 15.7, 16.0
SAP | N/A | SAP Business One version 10.0
SAP | NetWeaver Application Server ABAP and ABAP Platform | SAP NetWeaver Application Server ABAP and ABAP Platform versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT
SAP | N/A | Product-SAP SQL Anywhere versions 16.0, 17.0
SAP | N/A | SAP CommonCryptoLib version 8
SAP | N/A | Product-SAP ASE Cluster Edition version 15.7
SAP | N/A | Product-SAP Event Stream Processor version 5.1
SAP | SAP NetWeaver AS Java | SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT
SAP | N/A | SAPHANA Database version 2.0
SAP | N/A | SAPContent Server versions 6.50, 7.53, 7.54
SAP | Replication Server | Product-SAP Replication Server version 15.7
SAP | N/A | NetWeaver AS Java version 7.50
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "SAP NetWeaver AS Java version 7.5", "product": { "name": "SAP NetWeaver AS Java", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAPSSOEXT version 17", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAPExtended Application Services et Runtime (XSA) versions SAP_EXTENDED_APP_SERVICES 1, XS_ADVANCED_RUNTIME 1.00", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAPHost Agent version 722", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP IQ version 16.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Web Dispatcher versions 7.22EXT, 7.53, 7.54, 7.77, 7.85, 7.89", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP ASE versions 15.7, 16.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP Business One version 10.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver Application Server ABAP et ABAP Platform versions KERNEL 722, KERNEL 7.53, KERNEL 7.77,KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT", "product": { "name": "NetWeaver Application Server ABAP et ABAP Platform", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP SQL Anywhere versions 16.0, 17.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP CommonCryptoLib version 8", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP ASE Cluster Edition version 15.7", "product": { 
"name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP Event Stream Processor version 5.1", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAP NetWeaver AS ABAP, SAP NetWeaver AS Java et ABAP Platform of S/4HANA on-premise versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.22, KERNEL 8.04, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64UC 8.04, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT", "product": { "name": "SAP NetWeaver AS Java", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAPHANA Database version 2.0", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "SAPContent Server versions 6.50, 7.53, 7.54", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } }, { "description": "Product-SAP Replication Server version 15.7", "product": { "name": "Replication Server", "vendor": { "name": "SAP", "scada": false } } }, { "description": "NetWeaver AS Java version 7.50", "product": { "name": "N/A", "vendor": { "name": "SAP", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. 
section Documentation).\n", "cves": [ { "name": "CVE-2023-40309", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40309" }, { "name": "CVE-2023-42477", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42477" }, { "name": "CVE-2023-31403", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31403" }, { "name": "CVE-2023-42480", "url": "https://www.cve.org/CVERecord?id=CVE-2023-42480" }, { "name": "CVE-2023-41366", "url": "https://www.cve.org/CVERecord?id=CVE-2023-41366" } ], "initial_release_date": "2023-11-15T00:00:00", "last_revision_date": "2023-11-15T00:00:00", "links": [], "reference": "CERTFR-2023-AVI-0942", "revisions": [ { "description": "Version initiale", "revision_date": "2023-11-15T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 SAP ucQrx6G du 14 novembre 2023", "url": "https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a\u0026rc=1" } ] }