发布日期：2023-02-13
更新日期：2023-04-21

受影响系统：

SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 752
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 751
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 750
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 740
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 731
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 702
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 701
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 700

描述：

---

CVE(CAN) ID: CVE-2023-23854

SAP NetWeaver Application Server是德国思爱普（SAP）公司的一款应用程序服务器。
SAP NetWeaver Application Server for ABAP and ABAP Platform 700、701、702、731、740、750、751和752版本存在授权绕过漏洞，该漏洞源于程序未对经过身份认证的用户进行正确的授权检查，攻击者可利用该漏洞导致权限提升。

<*链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
*>

建议：

---

厂商补丁：

SAP
---
SAP已经为此发布了一个安全公告（2023-01-10）以及相应补丁:
2023-01-10：SAP Security Patch Day – April 2023
链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

浏览次数：394
严重程度：0（网友投票）