Lucene search

[email protected]NVD:CVE-2023-49581

HistoryDec 12, 2023 - 2:15 a.m.

CVE-2023-49581

2023-12-1202:15:07

CWE-89

[email protected]

web.nvd.nist.gov

sap gui

cve-2023-49581

vulnerability

confidential data

unauthenticated

database table

response times

as abap

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

42.1%

JSON

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Affected configurations

NVD

Node

sapnetweaver_application_server_abapMatch700sap_basis

sapnetweaver_application_server_abapMatch731sap_basis

sapnetweaver_application_server_abapMatch740sap_basis

sapnetweaver_application_server_abapMatch750sap_basis

References

me.sap.com/notes/3392547

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for NVD:CVE-2023-49581

cvelist1 prion1 nessus1 cve1