7.3
CVE-2023-49580
- EPSS 0.13%
- Published 12.12.2023 02:15:07
- Last modified 21.11.2024 08:33:35
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Graphical User Interface Versionsap_basis_755 SwPlatformjava
SAP ≫ Graphical User Interface Versionsap_basis_755 SwPlatformwindows
SAP ≫ Graphical User Interface Versionsap_basis_756 SwPlatformjava
SAP ≫ Graphical User Interface Versionsap_basis_756 SwPlatformwindows
SAP ≫ Graphical User Interface Versionsap_basis_757 SwPlatformjava
SAP ≫ Graphical User Interface Versionsap_basis_757 SwPlatformwindows
SAP ≫ Graphical User Interface Versionsap_basis_758 SwPlatformjava
SAP ≫ Graphical User Interface Versionsap_basis_758 SwPlatformwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.327 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
| cna@sap.com | 7.3 | 3.9 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-732 Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.