Vulnerabilities > CVE-2023-49581 - Unspecified vulnerability in SAP Netweaver Application Server Abap

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

low complexity

sap

critical

NVD

Published: 2023-12-12

Updated: 2024-11-21

Summary

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Application Server Abap 700 SAP Netweaver Application Server Abap 731 SAP Netweaver Application Server Abap 740 SAP Netweaver Application Server Abap 750	4

References

https://me.sap.com/notes/3392547
https://me.sap.com/notes/3392547
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html