cvelist / Sap / CVELIST:CVE-2023-49581
History: Dec 12, 2023 - 1:10 a.m.

CVE-2023-49581 SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

2023-12-12 01:10:14
CWE-89
sap
www.cve.org
sql injection
sap netweaver
abap platform
sap gui
unauthenticated attacker
database table
availability

CVSS3: 4.1 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score: 9.4 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 42.2%)

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_BASIS 700"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS731"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS740"
      },
      {
        "status": "affected",
        "version": "SAP_BASIS750"
      }
    ]
  }
]
