

Rewterz Threat Alert – North Korea Linked Konni APT Group – Active IOCs
November 15, 2023
Rewterz Threat Alert – Fashion Industry Professionals Targeted by Ducktail Malware’s Newest Campaign – Active IOCs
November 15, 2023
Severity
Medium
Analysis Summary
CVE-2023-31403 CVSS: 9.6
SAP Business One could allow a remote attacker to bypass security restrictions, caused by a failure to perform proper authentication and authorization checks for the SMB shared folder. By sending a specially crafted request, an attacker could exploit this vulnerability to read and write to the SMB shared folder.
CVE-2023-42480 CVSS: 5.3
SAP NetWeaver AS Java could allow a remote attacker to obtain sensitive information, caused by a flaw in the login function. By using brute-force attack techniques, an attacker could exploit this vulnerability to obtain user ID information, and use this information to launch further attacks against the affected system.
CVE-2023-41366 CVSS: 5.3
SAP NetWeaver AS ABAP and ABAP Platform could allow a remote attacker to obtain sensitive information, caused by improper access control. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-31403
- CVE-2023-42480
- CVE-2023-41366
Affected Vendors
SAP
Affected Products
- SAP Business One 10.0
- SAP NetWeaver AS Java 7.50
- SAP NetWeaver AS ABAP KERNEL 7.22
- SAP NetWeaver AS ABAP KERNEL 7.53
- SAP NetWeaver AS ABAP KERNEL 7.77
- SAP NetWeaver AS ABAP Platform KERNEL 7.22
- SAP NetWeaver AS ABAP Platform KERNEL 7.77
- SAP NetWeaver AS ABAP KERNEL 7.85
- SAP NetWeaver AS ABAP Platform KERNEL 7.85
- SAP NetWeaver AS ABAP KERNEL 7.89
- SAP NetWeaver AS ABAP KERNEL 7.54
- SAP NetWeaver AS ABAP KERNEL 7.92
- SAP NetWeaver AS ABAP KERNEL 7.93
- SAP NetWeaver AS ABAP Platform KERNEL 7.53
- SAP NetWeaver AS ABAP Platform KERNEL 7.89
- SAP NetWeaver AS ABAP Platform KERNEL 7.54
- SAP NetWeaver AS ABAP Platform KERNEL 7.92
- SAP NetWeaver AS ABAP Platform KERNEL 7.93
- SAP NetWeaver AS ABAP KERNEL 7.91
- SAP NetWeaver AS ABAP KERNEL 7.94
- SAP NetWeaver AS ABAP KERNEL64UC 7.22EXT
- SAP NetWeaver AS ABAP KERNEL64UC 7.53
- SAP NetWeaver AS ABAP KERNEL64UC 7.22
- SAP NetWeaver AS ABAP KERNEL64NUC 7.22
- SAP NetWeaver AS ABAP KERNEL64NUC 7.22EXT
- SAP NetWeaver AS ABAP Platform KERNEL 7.91
- SAP NetWeaver AS ABAP Platform KERNEL 7.94
- SAP NetWeaver AS ABAP Platform KERNEL64UC 7.22
- SAP NetWeaver AS ABAP Platform KERNEL64UC 7.22EXT
- SAP NetWeaver AS ABAP Platform KERNEL64UC 7.53
- SAP NetWeaver AS ABAP Platform KERNEL64NUC 7.22
- SAP NetWeaver AS ABAP Platform KERNEL64NUC 7.22EXT
Remediation
Refer to SAP Security Advisory for patch information, available from the SAP Web site. Login required.