How severe is CVE-2023-35874?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.4 out of 10.

What type of vulnerability is CVE-2023-35874?

This is classified as CWE-306, which is a common weakness in software security.

CVE-2023-35874 - HIGH Severity | CVSS 7.4

Vulnerability Description

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, performs improper authentication checks for functionalities that require user identity. An attacker can perform malicious actions over the network, extending the scope of impact, causing a limited impact on confidentiality, integrity and availability.

Related Vulnerabilities

CVE-2017-6873

HIGH

CVSS:7.4(High)

A vulnerability was discovered in Siemens OZW672 (all versions) and OZW772 (all versions) that could allow an attacker to read and manipulate data in TLS sessions while performing a man-in-the-middle ...

CWE-3062017

CVE-2019-5152

HIGH

CVSS:7.4(High)

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network p...

CWE-3062019

CVE-2020-4670

HIGH

CVSS:7.4(High)

IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis server, an in-memory data structure store, running on the remote host is not protected by password authentication. A remote attac...

CWE-3062020

CVE-2020-4958

HIGH

CVSS:7.4(High)

IBM Security Identity Governance and Intelligence 5.2.6 does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. IBM ...

CWE-3062020

CVE-2021-32700

HIGH

CVSS:7.4(High)

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via M...

CWE-3062021

CVE-2023-5935

HIGH

CVSS:7.4(High)

When configuring Arc (e.g. during the first setup), a local web interface is provided to ease the configuration process. Such web interface lacks authentication and may thus be abused by a local attac...

CWE-3062023