VDB

CISA-2023-23858

CISA-2023-23858 PUBLISHED CVSS 6.1 MEDIUM

Reported by sap · Published February 14, 2023

Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.

Risk Scores

CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform740, 750, 751
SAP_SESAP NetWeaver AS for ABAP and ABAP Platform750, 754, 755

Timeline

  • Feb 14, 2023 CVE Published
  • Mar 20, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›