CVE-2023-23854: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server for ABAP and ABAP Platform versions 700, 701, 702, 731, 740, 750, 751, 752 contains a security vulnerability related to missing authorization checks. The vulnerability was disclosed on February 14, 2023, and is tracked as CVE-2023-23854. This vulnerability affects authenticated users and can lead to privilege escalation (NVD).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received varying CVSS v3.1 scores. The NVD assigned a base score of 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, while SAP SE rated it at 3.8 (Low) with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L. The vulnerability is network-accessible and requires low attack complexity, with no user interaction needed for exploitation (NVD, AttackerKB).

When exploited, this vulnerability allows an authenticated user to escalate their privileges due to missing authorization checks in the system. The impact primarily affects the integrity and availability of the system, with no direct impact on confidentiality as indicated by the CVSS metrics (NVD).

SAP has released security patches to address this vulnerability. Users should refer to SAP Security Note 3287291 for detailed mitigation instructions (SAP Note).