Lucene search

[email protected]CVE-2023-41367

HistorySep 12, 2023 - 2:15 a.m.

CVE-2023-41367

2023-09-1202:15:12

CWE-306

[email protected]

web.nvd.nist.gov

sap

netweaver

authentication

webdynpro

cve-2023-41367

unauthorized access

admin view

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.

Affected configurations

NVD

Node

sapnetweaverMatch7.50

CPENameOperatorVersion
sap:netweaversap netweavereq7.50

CPE	Name	Operator	Version
sap:netweaver	sap netweaver	eq	7.50

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (Guided Procedures)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

me.sap.com/notes/3348142

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-41367

prion1 cnvd1 nvd1 cvelist1