Lucene search

K
cvelistSapCVELIST:CVE-2023-42480
HistoryNov 14, 2023 - 1:02 a.m.

CVE-2023-42480 Information Disclosure in NetWeaver AS Java Logon

2023-11-1401:02:56
CWE-307
sap
www.cve.org
netweaver as java
information disclosure
version 7.50
brute force
confidentiality

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids.Β This will have an impact on confidentiality but there is no other impact on integrity or availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "NetWeaver AS Java",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.5%

Related for CVELIST:CVE-2023-42480