Information disclosure in SAP GUI for Windows and SAP GUI for Java
CVE-2023-49580
7.3HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 December 2023
What is CVE-2023-49580?
The SAP GUI for Windows and Java, specifically versions SAP_BASIS 755, 756, 757, and 758, are susceptible to a vulnerability that allows an unauthorized attacker to gain access to sensitive, restricted information. This breach can lead to the creation of custom Layout configurations in the ABAP List Viewer, which could adversely affect both the integrity and availability of the service. An attacker may exploit this vulnerability to manipulate system response times, leading to potential disruptions in service.
Affected Version(s)
SAP GUI for Windows and SAP GUI for Java SAP_BASIS 755
SAP GUI for Windows and SAP GUI for Java SAP_BASIS 756
SAP GUI for Windows and SAP GUI for Java SAP_BASIS 757