CVE-2023-49578

CWE-732Incorrect Permission AssignmentCWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
3.5LOW
EPSS
0.0%
top 85.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Cloud ConnectorSAP Cloud Connector
Timeline
PublishedDec 12

Description

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Denial of service (DOS) in SAP Cloud Connector2023-12-12
GHSA
GHSA-8pr4-262g-crh2: SAP Cloud Connector - version 22023-12-12
CVE-2023-49578 (LOW CVSS 3.5) | SAP Cloud Connector - version 2.0 | cvebase.io