CVE Vulnerabilities

CVE-2023-23857

Improper Authentication

Published: Mar 14, 2023 | Modified: Apr 11, 2023
CVSS 3.x
8.6
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Netweaver_application_server_for_java Sap 7.50 (including) 7.50 (including)

Potential Mitigations

References