Information disclosure in SAP GUI for Windows and SAP GUI for Java
CVE-2023-49580

7.3HIGH

Key Information:

Vendor: SAP
Status: SAP Gui For Windows And SAP Gui For Java
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-49580?

The SAP GUI for Windows and Java, specifically versions SAP_BASIS 755, 756, 757, and 758, are susceptible to a vulnerability that allows an unauthorized attacker to gain access to sensitive, restricted information. This breach can lead to the creation of custom Layout configurations in the ABAP List Viewer, which could adversely affect both the integrity and availability of the service. An attacker may exploit this vulnerability to manipulate system response times, leading to potential disruptions in service.

Affected Version(s)

SAP GUI for Windows and SAP GUI for Java SAP_BASIS 755

SAP GUI for Windows and SAP GUI for Java SAP_BASIS 756

SAP GUI for Windows and SAP GUI for Java SAP_BASIS 757

References

https://me.sap.com/notes/3385711

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 27, 2023