PT-2023-1064 · SAP · SAP NetWeaver ABAP Server
Published: 2023-01-09 · Updated: 2023-07-01 · CVE-2023-0014
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver ABAP Server and ABAP Platform versions SAP BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT
Description
The issue is an authentication bypass in the SAP NetWeaver Application Server ABAP that could allow a remote attacker to gain unauthorized access to the system. The server produces system identity information in an ambiguous format, which leads to a potential capture-replay weakness that a malicious user could exploit to obtain illegitimate access to the system.
Recommendations
For SAP NetWeaver ABAP Server and ABAP Platform versions SAP BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, consider applying the recommended security patches or updates from SAP to fix the authentication bypass issue.
As a temporary workaround, restrict access to sensitive system functions and monitor system activity closely to minimize the risk of exploitation.
Avoid using ambiguous system identity formats until the issue is resolved.
Affected Products
SAP NetWeaver ABAP Server
SAP NetWeaver Application Server ABAP