Lucene search

SapCVELIST:CVE-2023-28761

HistoryApr 11, 2023 - 2:51 a.m.

CVE-2023-28761 Missing Authentication check in SAP NetWeaver Enterprise Portal

2023-04-1102:51:23

CWE-306

sap

www.cve.org

cve-2023-28761

missing authentication check

sap netweaver

enterprise portal

open interface

api access

server settings

data access

confidentiality

integrity

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.5%

JSON

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetWeaver Enterprise Portal",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3289994

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

35.5%

JSON

Related for CVELIST:CVE-2023-28761