Improper Access Control in SAP NetWeaver AS Java (Classload Service)
CVE-2023-24526

5.3MEDIUM

Key Information:

Vendor
SAP
Status
NetWeaver AS Java for Classload Service
Vendor
CVE Published:
14 March 2023

Summary

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.

Affected Version(s)

NetWeaver AS Java for Classload Service 7.50

References

https://launchpad.support.sap.com/#/notes/3288394
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.