CVE-2023-33989
In SAP Software existieren mehrere Schwachstellen. Diese bestehen in den Komponenten SAP PowerDesigner, B1i module of SAP Business One, SAP ECC, SAP S4/HANA, SAP Commerce Cloud, SAP Netweaver, SAP Business One, SAP BusinessObjects Business Intelligence Platform, SAP Message Server, SRM, SAP NetWeaver Process Integration, SAP Commerce (OCC API), SAP Supplier Relationship Management, SAP NetWeaver AS ABAP and ABAP Platform sowie SAP Host Agent. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um beliebigen Programmcode auszuführen, Informationen offenzulegen, einen Cross-Site-Scripting-Angriff durchzuführen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.
EPSS 0.26% · 49.8th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | SAP Software |
Timeline
- Jul 11, 2023 EPSS Score
- Jul 11, 2023 CVE Published
- Aug 15, 2023 EPSS Score
- Sep 18, 2023 EPSS Score
- Oct 23, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Dec 31, 2023 EPSS Score
- Feb 3, 2024 EPSS Score
- Mar 9, 2024 EPSS Score
- Apr 12, 2024 EPSS Score
- May 17, 2024 EPSS Score
- Jun 21, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1705.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1705 advisory
- https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1980.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1980 advisory