安全研究

安全漏洞
SAP NetWeaver Application Server授权错误漏洞(CVE-2023-37492)

发布日期:2023-08-07
更新日期:2023-09-20

受影响系统:
SAP SAP NetWeaver Application Server 804
SAP SAP NetWeaver Application Server 793
SAP SAP NetWeaver Application Server 758
SAP SAP NetWeaver Application Server 757
SAP SAP NetWeaver Application Server 756
SAP SAP NetWeaver Application Server 755
SAP SAP NetWeaver Application Server 754
SAP SAP NetWeaver Application Server 753
SAP SAP NetWeaver Application Server 752
SAP SAP NetWeaver Application Server 751
SAP SAP NetWeaver Application Server 750
SAP SAP NetWeaver Application Server 740
SAP SAP NetWeaver Application Server 731
SAP SAP NetWeaver Application Server 702
SAP SAP NetWeaver Application Server 701
SAP SAP NetWeaver Application Server 700
描述:
CVE(CAN) ID: CVE-2023-37492

SAP NetWeaver Application Server是德国思爱普(SAP)公司的一款应用程序服务器。
SAP NetWeaver Application Server 多个版本存在授权错误漏洞,该漏洞源于程序未实施正确的授权检查,攻击者可利用该漏洞提升权限并读取敏感信息。

<*链接:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
*>

建议:
厂商补丁:

SAP
---
SAP已经为此发布了一个安全公告(September-2023)以及相应补丁:
September-2023:SAP Security Patch Day – September 2023
链接:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

浏览次数:376
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障