CVE-2023-23859

2023-02-1404:15:12

CWE-79

[email protected]

web.nvd.nist.gov

sap netweaver

abap platform

unauthenticated attacker

malicious link

sensitive information

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

35.8%

JSON

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information.

Affected configurations

Nvd

Node

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch751

sapnetweaver_application_server_abapMatch752

sapnetweaver_application_server_abapMatch753

sapnetweaver_application_server_abapMatch754

sapnetweaver_application_server_abapMatch755

sapnetweaver_application_server_abapMatch756

sapnetweaver_application_server_abapMatch757

sapnetweaver_application_server_abapMatch789

sapnetweaver_application_server_abapMatch790

VendorProductVersionCPE
sapnetweaver_application_server_abap740cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
sapnetweaver_application_server_abap750cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
sapnetweaver_application_server_abap751cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
sapnetweaver_application_server_abap752cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
sapnetweaver_application_server_abap753cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
sapnetweaver_application_server_abap754cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
sapnetweaver_application_server_abap755cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
sapnetweaver_application_server_abap756cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*
sapnetweaver_application_server_abap757cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*
sapnetweaver_application_server_abap789cpe:2.3:a:sap:netweaver_application_server_abap:789:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	netweaver_application_server_abap	740	cpe:2.3:a:sap:netweaver_application_server_abap:740:::::::*
sap	netweaver_application_server_abap	750	cpe:2.3:a:sap:netweaver_application_server_abap:750:::::::*
sap	netweaver_application_server_abap	751	cpe:2.3:a:sap:netweaver_application_server_abap:751:::::::*
sap	netweaver_application_server_abap	752	cpe:2.3:a:sap:netweaver_application_server_abap:752:::::::*
sap	netweaver_application_server_abap	753	cpe:2.3:a:sap:netweaver_application_server_abap:753:::::::*
sap	netweaver_application_server_abap	754	cpe:2.3:a:sap:netweaver_application_server_abap:754:::::::*
sap	netweaver_application_server_abap	755	cpe:2.3:a:sap:netweaver_application_server_abap:755:::::::*
sap	netweaver_application_server_abap	756	cpe:2.3:a:sap:netweaver_application_server_abap:756:::::::*
sap	netweaver_application_server_abap	757	cpe:2.3:a:sap:netweaver_application_server_abap:757:::::::*
sap	netweaver_application_server_abap	789	cpe:2.3:a:sap:netweaver_application_server_abap:789:::::::*