Information Disclosure in NetWeaver AS Java Logon
CVE-2023-42480

5.3MEDIUM

Key Information:

Vendor
SAP
Vendor
CVE Published:
14 November 2023

Summary

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

Affected Version(s)

NetWeaver AS Java 7.50

References

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.