PT-2023-1708 · SAP · SAP NetWeaver AS Java

Published: 2023-01-19 · Updated: 2023-04-11 · CVE-2023-23857

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS for Java version 7.50
Description
SAP NetWeaver AS for Java is missing an authentication check on an open interface. An unauthenticated attacker who can reach that interface can attach to it and use an open naming and directory API, and through that API perform unauthorized operations that affect users and services across systems. On successful exploitation the attacker can read and modify sensitive information, and can lock up elements or operations of the system, making it unresponsive or unavailable. The vector reflects this: no privileges or user interaction are needed (PR:N/UI:N), the effect reaches beyond the vulnerable interface itself (S:C), and the availability impact is high (A:H).
Recommendations
Apply the vendor fix for SAP NetWeaver AS for Java version 7.50 as soon as one is published; at the time of this update there is no information about a release that contains a fix for this vulnerability. The missing authentication check is inside the product, so an operator cannot add it; the practical interim control is to restrict network access to the open interface and its naming and directory API so that only trusted administrative hosts and networks can reach it, to restrict access to sensitive services and data so that a successful attacker can read or modify as little as possible, and to monitor for unexpected connections to that interface.
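The weakness described above is a missing authentication check in front of a naming and directory API. The following is an added illustration written for this page; it is not SAP's code and does not reproduce the NetWeaver interface. It shows a toy in-memory directory exposed first without any check, where any client that attaches can read, rebind and unbind names (the read, modify and lock-up impacts listed above), and then with the check enforced, where every operation requires an authenticated principal and modifying operations additionally require an administrative one. The binding names, principals and tokens are constructed for the demo.

```python
# Added illustration for this advisory (not SAP code): a naming/directory API on
# an open interface, first with the authentication check missing (the weakness
# class, CWE-287) and then with the check enforced before any operation.
# All names, bindings, principals and tokens below are constructed for the demo.
import hmac
from typing import Dict, Optional, Set


class NamingError(Exception):
    """Raised when an operation is refused (unauthenticated, forbidden, unknown name)."""


class Session:
    """One client connection to the interface; principal is None until authenticated."""

    def __init__(self) -> None:
        self.principal: Optional[str] = None


def _sample_bindings() -> Dict[str, str]:
    # Constructed sample directory: name -> bound object (a string stands in here).
    return {"jdbc/AppDS": "db.internal:5432", "ejb/UserAdmin": "UserAdminBean"}


class VulnerableNamingService:
    """Weak form: no operation checks who the caller is."""

    def __init__(self) -> None:
        self._bindings = _sample_bindings()

    def lookup(self, session: Session, name: str) -> str:
        return self._bindings[name]            # sensitive data readable by anyone

    def rebind(self, session: Session, name: str, obj: str) -> None:
        self._bindings[name] = obj             # anyone can redirect what a name resolves to

    def unbind(self, session: Session, name: str) -> None:
        self._bindings.pop(name, None)         # anyone can make a service unresolvable


class HardenedNamingService:
    """Fixed form: authenticate first, then authorize per operation."""

    def __init__(self, tokens: Dict[str, str], admins: Set[str]) -> None:
        self._bindings = _sample_bindings()
        self._tokens = tokens                  # principal -> shared secret (demo only)
        self._admins = admins

    def authenticate(self, session: Session, principal: str, token: str) -> None:
        expected = self._tokens.get(principal, "")
        if not hmac.compare_digest(token, expected):   # constant-time comparison
            raise NamingError("authentication failed")
        session.principal = principal

    def _require_authenticated(self, session: Session) -> None:
        if session.principal is None:
            raise NamingError("unauthenticated")

    def _require_admin(self, session: Session) -> None:
        self._require_authenticated(session)
        if session.principal not in self._admins:
            raise NamingError("forbidden")

    def lookup(self, session: Session, name: str) -> str:
        self._require_authenticated(session)
        if name not in self._bindings:
            raise NamingError("unknown name")
        return self._bindings[name]

    def rebind(self, session: Session, name: str, obj: str) -> None:
        self._require_admin(session)
        self._bindings[name] = obj

    def unbind(self, session: Session, name: str) -> None:
        self._require_admin(session)
        if self._bindings.pop(name, None) is None:
            raise NamingError("unknown name")


def demo() -> Dict[str, object]:
    """Run the same attacker actions against both services and report the outcomes."""
    results: Dict[str, object] = {}

    weak, anon = VulnerableNamingService(), Session()
    results["weak_anon_lookup"] = weak.lookup(anon, "jdbc/AppDS")          # read
    weak.rebind(anon, "jdbc/AppDS", "attacker.example:5432")                # modify
    results["weak_anon_rebind"] = weak.lookup(anon, "jdbc/AppDS")
    weak.unbind(anon, "ejb/UserAdmin")                                      # deny service
    results["weak_anon_unbind"] = "ejb/UserAdmin" not in weak._bindings     # demo peeks at state

    hardened = HardenedNamingService(
        tokens={"j2ee_admin": "s3cret-admin-token", "app_user": "app-token"},
        admins={"j2ee_admin"},
    )
    anon = Session()
    try:
        hardened.lookup(anon, "jdbc/AppDS")
        results["hard_anon_lookup"] = "allowed"
    except NamingError as exc:
        results["hard_anon_lookup"] = str(exc)

    user = Session()
    hardened.authenticate(user, "app_user", "app-token")
    results["hard_user_lookup"] = hardened.lookup(user, "jdbc/AppDS")
    try:
        hardened.unbind(user, "ejb/UserAdmin")
        results["hard_user_unbind"] = "allowed"
    except NamingError as exc:
        results["hard_user_unbind"] = str(exc)

    admin = Session()
    hardened.authenticate(admin, "j2ee_admin", "s3cret-admin-token")
    hardened.rebind(admin, "jdbc/AppDS", "db-replica.internal:5432")
    results["hard_admin_rebind"] = hardened.lookup(admin, "jdbc/AppDS")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the hardened form is where the check sits: every entry point calls `_require_authenticated` or `_require_admin` before touching the directory, so an unauthenticated session cannot read a binding, and an authenticated but non-administrative one cannot rebind or unbind. A shared-token lookup stands in for whatever credential store a real server would use; the structure of the checks is what the example is about.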

Weakness Enumeration

CWE-287: Improper Authentication

Related Identifiers

BDU:2023-01286
CVE-2023-23857

Affected Products

SAP NetWeaver AS Java