CVE-2023-23858
6.1MEDIUMDue to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted
Published: 2/14/2023Updated: 11/21/2024
Description
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.
AI AnalysisPowered by AI
Affected Products
sapnetweaver_application_server_abap
740
sapnetweaver_application_server_abap
750
sapnetweaver_application_server_abap
751
sapnetweaver_application_server_abap
752
sapnetweaver_application_server_abap
753
sapnetweaver_application_server_abap
754
sapnetweaver_application_server_abap
755
sapnetweaver_application_server_abap
756
sapnetweaver_application_server_abap
757
References
- https://launchpad.support.sap.com/#/notes/3293786Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
- https://launchpad.support.sap.com/#/notes/3293786Permissions RequiredVendor Advisory
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory