China National Vulnerability Database (cnvd): CNVD-2023-03052
History: Jan 12, 2023 - 12:00 a.m.

SAP NetWeaver AS Access Control Error Vulnerability

2023-01-12 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SAP NetWeaver AS is a SAP Web Application Server from SAP Germany. It not only provides network services, but is also the basic platform for SAP software. The Java-based SAP NetWeaver AS version 7.50 contains an access control error vulnerability that stems from improper access control. An unauthenticated attacker could exploit it to attach to open interfaces and access services using open naming and directory APIs, which could be used to perform unauthorized operations affecting users and data on the current system.

CPE | Name | Operator | Version
sap | sap netweaver as | eq | 7.5
