CVE-2023-23860

CWE-601 — Open Redirect3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.6%

top 31.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedFeb 14

Description

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_and_abap_platform11 versions+10

▶NVDsap/netweaver_application11 versions+10

🔴Vulnerability Details

GHSA

GHSA-52m2-7hr5-3fp9: SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to cr↗2023-02-14

▶

CVEList

CVE-2023-23860: SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to cr↗2023-02-14

▶