Lucene search

[email protected]NVD:CVE-2023-41367

HistorySep 12, 2023 - 2:15 a.m.

CVE-2023-41367

2023-09-1202:15:12

CWE-306

[email protected]

web.nvd.nist.gov

sap netweaver

authentication check

unauthorized access

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.0%

JSON

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.

Affected configurations

Nvd

Node

sapnetweaverMatch7.50

VendorProductVersionCPE
sapnetweaver7.50cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver	7.50	cpe:2.3:a:sap:netweaver:7.50:::::::*

References

me.sap.com/notes/3348142

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

28.0%

JSON

Related for NVD:CVE-2023-41367

cve1 cvelist1 vulnrichment1 prion1 cnvd1