Lucene search

[email protected]NVD:CVE-2023-23858

HistoryFeb 14, 2023 - 4:15 a.m.

CVE-2023-23858

2023-02-1404:15:11

CWE-79

[email protected]

web.nvd.nist.gov

sap

netweaver

abap

input validation

unauthenticated attacker

sensitive data

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.

Affected configurations

NVD

Node

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch751

sapnetweaver_application_server_abapMatch752

sapnetweaver_application_server_abapMatch753

sapnetweaver_application_server_abapMatch754

sapnetweaver_application_server_abapMatch755

sapnetweaver_application_server_abapMatch756

sapnetweaver_application_server_abapMatch757

References

launchpad.support.sap.com/#/notes/3293786

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.4%

JSON

Related for NVD:CVE-2023-23858

prion1 cvelist1 cve1 nessus1