Missing Authentication check in SAP NetWeaver Enterprise Portal
CVE-2023-28761

6.5MEDIUM

Key Information:

Vendor: SAP
Status: Netweaver Enterprise Portal
Vendor: CVE Published:; 11 April 2023

What is CVE-2023-28761?

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.

Affected Version(s)

NetWeaver Enterprise Portal 7.50

References

https://launchpad.support.sap.com/#/notes/3289994

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 23, 2023