Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
CVE-2023-41366

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Application Server Abap And Abap Platform
Vendor: CVE Published:; 14 November 2023

Summary

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

Affected Version(s)

SAP NetWeaver Application Server ABAP and ABAP Platform KERNEL 722

SAP NetWeaver Application Server ABAP and ABAP Platform KERNEL 7.53

SAP NetWeaver Application Server ABAP and ABAP Platform KERNEL 7.77

References

https://me.sap.com/notes/3362849

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Aug 29, 2023