exploitDog

CVE-2023-42480

Опубликовано: 14 нояб. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

Ссылки

https://me.sap.com/notes/3366410
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://me.sap.com/notes/3366410
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00104

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-307

Связанные уязвимости

GHSA-xqcp-4jqv-37rh

CVSS3: 5.3

github

около 2 лет назад

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

EPSS

Процентиль: 29%

0.00104

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-307