CVE-2023-26459

CWE-918 — Server-Side Request Forgery (SSRF)3 documents3 sources

Severity

7.4HIGH

EPSS

0.2%

top 52.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver AS FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedMar 14

Description

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:LExploitability: 3.1 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5sap/netweaver_as_for_abap_and_abap_platform14 versions+13

▶NVDsap/netweaver_application14 versions+13

🔴Vulnerability Details

CVEList

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform↗2023-03-14

▶

GHSA

GHSA-g622-v45p-2m7j: Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 7↗2023-03-14

▶