CVE-2023-42480

CWE-307 | 3 documents | 3 sources

Severity: 5.3 MEDIUM
EPSS: 0.1% (top 71.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 14

Description

An unauthenticated attacker can brute-force the login functionality of the NetWeaver AS Java Logon application, version 7.50, to identify legitimate user IDs. This has an impact on confidentiality, but there is no impact on integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)

GHSA: GHSA-xqcp-4jqv-37rh: The unauthenticated attacker in NetWeaver AS Java Logon application - version 7 (2023-11-14)
CVEList: Information Disclosure in NetWeaver AS Java Logon (2023-11-14)