CVE-2023-23857

Published: Mar 14, 2023Modified: Nov 21, 2024

8.6

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Exploitability: 3.9 / Impact: 4.7

Source: NVD

Description

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.

Affected (1)

Products: Sap: Netweaver Application Server For Java

1 product

Netweaver Application Server For Java

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server For Java	Version 7.50

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://launchpad.support.sap.com/#/notes/3252433

Source: cna@sap.com

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3252433

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.