Lucene search

[email protected]CVE-2023-49580

HistoryDec 12, 2023 - 2:15 a.m.

CVE-2023-49580

2023-12-1202:15:07

CWE-200

[email protected]

web.nvd.nist.gov

sap

gui

windows

java

sap_basis

755

756

757

758

unauthenticated access

information disclosure

abap list viewer

integrity

availability

nvd

cve-2023-49580

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.

Affected configurations

NVD

Node

sapgraphical_user_interfaceMatchsap_basis_755java

sapgraphical_user_interfaceMatchsap_basis_755windows

sapgraphical_user_interfaceMatchsap_basis_756java

sapgraphical_user_interfaceMatchsap_basis_756windows

sapgraphical_user_interfaceMatchsap_basis_757java

sapgraphical_user_interfaceMatchsap_basis_757windows

sapgraphical_user_interfaceMatchsap_basis_758java

sapgraphical_user_interfaceMatchsap_basis_758windows

CPENameOperatorVersion
sap:graphical_user_interfacesap graphical user interfaceeqsap_basis_755
sap:graphical_user_interfacesap graphical user interfaceeqsap_basis_756
sap:graphical_user_interfacesap graphical user interfaceeqsap_basis_757
sap:graphical_user_interfacesap graphical user interfaceeqsap_basis_758

CPE	Name	Operator	Version
sap:graphical_user_interface	sap graphical user interface	eq	sap_basis_755
sap:graphical_user_interface	sap graphical user interface	eq	sap_basis_756
sap:graphical_user_interface	sap graphical user interface	eq	sap_basis_757
sap:graphical_user_interface	sap graphical user interface	eq	sap_basis_758

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP GUI for Windows and SAP GUI for Java",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 755"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 756"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 757"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS 758"
      }
    ]
  }
]

References

me.sap.com/notes/3385711

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for CVE-2023-49580

nvd1 prion1 cvelist1