← Back

CVE-2023-49580

nvd nist
Published: Dec 12, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: NVD

Description

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.

Affected (8)

Sap
1 product
Graphical User Interface
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Graphical User Interface
Version sap_basis_755
Graphical User Interface
Version sap_basis_755
Graphical User Interface
Version sap_basis_756
Graphical User Interface
Version sap_basis_756
Graphical User Interface
Version sap_basis_757
Graphical User Interface
Version sap_basis_757
Graphical User Interface
Version sap_basis_758
Graphical User Interface
Version sap_basis_758

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

Source: cna@sap.com
Permissions RequiredVendor Advisory
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.