Vulnerabilities > CVE-2023-27268 - Unspecified vulnerability in SAP Netweaver Application Server for Java 7.50

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2023-03-14

Updated: 2024-11-21

Summary

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability., resulting in escalation of privileges.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server FOR Java 7.50	1

References

https://launchpad.support.sap.com/#/notes/3288480
https://launchpad.support.sap.com/#/notes/3288480
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html