CVE-2023-49584

EPSS 0.11%
Veröffentlicht 12.12.2023 02:15:08
Zuletzt bearbeitet 21.11.2024 08:33:36
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Fiori Launchpad Version200

SAP ≫ Fiori Launchpad Version700

SAP ≫ Fiori Launchpad Version750

SAP ≫ Fiori Launchpad Version754

SAP ≫ Fiori Launchpad Version755

SAP ≫ Fiori Launchpad Version756

SAP ≫ Fiori Launchpad Version757

SAP ≫ Fiori Launchpad Version758

SAP ≫ Fiori Launchpad Version793

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.308

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vendor Advisory

https://me.sap.com/notes/3406786

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-49584

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49584

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49584

EUVD