Lucene search

SapCVELIST:CVE-2023-41367

HistorySep 12, 2023 - 1:59 a.m.

CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)

2023-09-1201:59:55

CWE-306

sap

www.cve.org

cve-2023-41367

missing authentication check

sap netweaver

guided procedures

unauthorized access

webdynpro application

version 7.50

admin view

email address

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (Guided Procedures)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

me.sap.com/notes/3348142

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-41367