4.3
CVE-2023-49584
- EPSS 0.11%
- Published 12.12.2023 02:15:08
- Last modified 21.11.2024 08:33:36
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Fiori Launchpad Version200
SAP ≫ Fiori Launchpad Version700
SAP ≫ Fiori Launchpad Version750
SAP ≫ Fiori Launchpad Version754
SAP ≫ Fiori Launchpad Version755
SAP ≫ Fiori Launchpad Version756
SAP ≫ Fiori Launchpad Version757
SAP ≫ Fiori Launchpad Version758
SAP ≫ Fiori Launchpad Version793
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.308 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| cna@sap.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.