CVE-2023-49581

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 4.1

CVSS3: 9.4

EPSS Низкий

Описание

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Ссылки

https://me.sap.com/notes/3392547
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://me.sap.com/notes/3392547
Permissions Required
Vendor Advisory
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*

cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*

cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*

cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*

EPSS

Процентиль: 21%

0.00069

Низкий

4.1 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-ghxm-9fh8-8p5g

CVSS3: 4.1

github

около 2 лет назад

EPSS

Процентиль: 21%

0.00069

Низкий

4.1 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-89