CVE-2023-23853

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 33.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedFeb 14

Description

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap/netweaver_application_server_for_abap_and_abap_platform14 versions+13

▶NVDsap/netweaver_application14 versions+13

🔴Vulnerability Details

GHSA

GHSA-jxp4-w2wq-7w9q: An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755,↗2023-02-14

▶

CVEList

CVE-2023-23853: An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755,↗2023-02-14

▶