Lucene search

SapCVELIST:CVE-2023-41367

HistorySep 12, 2023 - 1:59 a.m.

CVE-2023-41367 Missing Authentication check in SAP NetWeaver (Guided Procedures)

2023-09-1201:59:55

CWE-306

sap

www.cve.org

cve-2023-41367

missing authentication check

sap netweaver

guided procedures

unauthorized access

webdynpro application

version 7.50

admin view

email address

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (Guided Procedures)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

me.sap.com/notes/3348142

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Related for CVELIST:CVE-2023-41367