CVE-2023-29111

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 45.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Application Interface Framework (odata Service)SAP Application Interface Framework

Timeline

PublishedApr 11

Description

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap/application_interface_framework_(odata_service)755, 756+1

▶NVDsap/application_interface_framework755, 756+1

🔴Vulnerability Details

GHSA

GHSA-5xq8-426f-cm7h: The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required↗2023-04-11

▶

CVEList

Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service)↗2023-04-11

▶