CVE-2023-41366

CWE-4973 documents3 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 55.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedNov 14

Description

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_abap_platform15 versions+14

▶NVDsap/netweaver_application15 versions+14

🔴Vulnerability Details

GHSA

GHSA-p982-w5fx-5rwf: Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7↗2023-11-14

▶

CVEList

Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform↗2023-11-14

▶