Improper access control during application start-up in SAP AS NetWeaver JAVA.
CVE-2023-30744

8.2HIGH

Key Information:

Vendor: SAP
Status: SAP As Netweaver Java
Vendor: CVE Published:; 9 May 2023

What is CVE-2023-30744?

In SAP AS NetWeaver JAVA versions SERVERCORE 7.50, J2EE-FRMW 7.50, and CORE-TOOLS 7.50, a vulnerability exists that allows an unauthenticated attacker to exploit an open interface. The attacker can leverage an open naming and directory API to instantiate objects that expose callable methods without requiring further authorization or authentication. This flaw could enable attackers to read or alter the state of existing services, which poses significant risks to the integrity and confidentiality of data while maintaining service availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP AS NetWeaver JAVA SERVERCORE 7.50

SAP AS NetWeaver JAVA J2EE-FRMW 7.50

SAP AS NetWeaver JAVA CORE-TOOLS 7.50

References

https://launchpad.support.sap.com/#/notes/3317453

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
Apr 14, 2023

JSON

SAP