PT-2023-4246 · SAP · SAP Message Server

Published: 2023-06-07 · Updated: 2024-09-28 · CVE-2023-37491

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT
Description: The vulnerability lies in the Access Control List (ACL) of the SAP Message Server, which can be bypassed under certain conditions. An authenticated malicious user may thereby gain unauthorized access to the network of SAP systems served by the attacked SAP Message Server, potentially leading to unauthorized reads and writes of data and to the system being rendered unavailable.
Recommendations: For SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, consider restricting access to the ACL to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the vulnerable ACL functionality until a patch is available. In addition, restrict network access to the SAP Message Server itself to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Authorization
Incorrect Authorization

Related Identifiers

BDU:2023-04561
CVE-2023-37491

Affected Products

SAP Message Server