PT-2021-7578 · SAP · SAP NetWeaver AS Java

Published 2021-01-09 · Updated 2023-01-13 · CVE-2023-0017

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS for Java version 7.50

Description

The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API. This can lead to unauthorized operations affecting users and data on the current system, potentially granting the attacker full read access to user data, enabling modifications to user data, and making services within the system unavailable.

Recommendations

For SAP NetWeaver AS for Java version 7.50, consider restricting access to the open interface and the open naming and directory API until a patch is available. As a temporary workaround, limit the services that can be accessed through these interfaces to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-00120
CVE-2023-0017

Affected Products

SAP NetWeaver AS Java