CVE-2023-41367: Missing Authentication for Critical Function in SE SAP Netweaver

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 59.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 12; Latest update Sep 13

Description

Due to a missing authentication check in a Web Dynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) version 7.50 can anonymously gain access to the admin view of a specific function. On successful exploitation of the vulnerability under specific circumstances, an attacker can view a user's email address. There is no integrity or availability impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/netweaver 7.50
CVEListV5: sap_se/sap_netweaver 7.50

Vulnerability Details (2)

GHSA: GHSA-crm7-ph4v-r8hv: Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7 (2023-09-13)
CVEList: Missing Authentication check in SAP NetWeaver (Guided Procedures) (2023-09-12)
CVE-2023-41367 — SAP SE SAP Netweaver vulnerability | cvebase