VDB
CISA-2023-23858
CISA-2023-23858
PUBLISHED
CVSS 6.1 MEDIUM
Reported by sap · Published February 14, 2023
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP NetWeaver AS for ABAP and ABAP Platform | 740, 750, 751 |
| SAP_SE | SAP NetWeaver AS for ABAP and ABAP Platform | 750, 754, 755 |
Timeline
- Feb 14, 2023 CVE Published
- Mar 20, 2025 CVE Updated