Lucene search

[email protected]NVD:CVE-2023-42477

HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-42477

2023-10-1002:15:11

CWE-918

[email protected]

web.nvd.nist.gov

sap netweaver

as java

vulnerability

confidentiality

integrity

crafted request

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.

Affected configurations

NVD

Node

sapnetweaver_application_server_javaMatch7.50

References

me.sap.com/notes/3333426

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for NVD:CVE-2023-42477

nessus2 prion1 cve1 cvelist1