PT-2023-3747 · SAP · SAP Plant Connectivity +1

Published: 2023-06-13 · Updated: 2023-06-26 · CVE-2023-2827

CVSS v3.1: 7.9 (High)

Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SAP Plant Connectivity version 15.5
Production Connector for SAP Digital Manufacturing version 1.0

Description

The affected components do not validate the signature of the JSON Web Token (JWT) in HTTP requests sent from SAP Digital Manufacturing. This could allow unauthorized callers from the internal network to send service requests, potentially impacting the integrity of the integration with SAP Digital Manufacturing.

Recommendations

For SAP Plant Connectivity version 15.5, update to a version that includes a fix for the issue with JSON Web Token validation. For Production Connector for SAP Digital Manufacturing version 1.0, update to a version that includes a fix for the issue with JSON Web Token validation. As a temporary workaround, consider restricting access to the vulnerable components to minimize the risk of exploitation.

Fix

Missing Authentication


Weakness Enumeration

Related Identifiers

BDU:2023-04035
CVE-2023-2827

Affected Products

Production Connector for SAP Digital Manufacturing
SAP Plant Connectivity