Denial of service (DOS) in SAP Cloud Connector
CVE-2023-49578

3.5LOW

Key Information:

Vendor: SAP
Status: SAP Cloud Connector
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-49578?

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.

Affected Version(s)

SAP Cloud Connector 2.0

References

https://me.sap.com/notes/3362463

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 27, 2023