Authenticated Access Vulnerability in SAP Solution Manager BSP Application
CVE-2023-0025

6.5MEDIUM

Key Information:

Vendor
SAP
Status
Solution Manager (bsp Application)
Vendor
CVE Published:
14 February 2023

Summary

An issue in SAP Solution Manager's BSP Application version 720 permits authenticated attackers to create malicious links. When clicked by an unsuspecting user, these links could allow unauthorized access to sensitive information or enable the attacker to modify data. This vulnerability poses a significant risk, as it can facilitate further exploitation of resources within the affected system.

Affected Version(s)

Solution Manager (BSP Application) 720

References

https://launchpad.support.sap.com/#/notes/3267442
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.