Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-31405
HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-31405

2023-07-1103:15:09
CWE-117
[email protected]
web.nvd.nist.gov
7
sap
netweaver
java
engineapi
servercore
j2ee-apps
unauthenticated
attacker
network
request
log
modifications

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.

Affected configurations

Nvd
Node
sapnetweaver_application_server_for_javaMatch7.50
VendorProductVersionCPE
sapnetweaver_application_server_for_java7.50cpe:2.3:a:sap:netweaver_application_server_for_java:7.50:*:*:*:*:*:*:*

Related

prion 1
cve 1
nessus 1
cvelist 1
prion
prion
Information disclosure
2023-07-11 03:15:00
cve
cve
CVE-2023-31405
2023-07-11 03:15:09
nessus
nessus
SAP NetWeaver AS Java Log Injection (July 2023)
2023-07-13 00:00:00
cvelist
cvelist
CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
2023-07-11 02:23:26

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON
Related for NVD:CVE-2023-31405
prion1cve1nessus1cvelist1