Lucene search

SapCVELIST:CVE-2023-31405

HistoryJul 11, 2023 - 2:23 a.m.

CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

2023-07-1102:23:26

CWE-117

sap

www.cve.org

cve-2023-31405

sap netweaver as

log viewer

log injection vulnerability

unauthenticated attacker

network request

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS for Java (Log Viewer)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "ENGINEAPI 7.50"
      },
      {
        "status": "affected",
        "version": "SERVERCORE 7.50"
      },
      {
        "status": "affected",
        "version": "J2EE-APPS 7.50"
      }
    ]
  }
]

References

me.sap.com/notes/3324732

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON

Related for CVELIST:CVE-2023-31405