CVE-2023-23858

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790

Description The issue is caused by insufficient input validation, allowing an unauthenticated attacker to send a crafted URL to a user. When the user clicks the URL, they may be directed outside the application and potentially enter sensitive data, causing a limited impact on confidentiality and integrity.

Recommendations For SAP NetWeaver AS for ABAP and ABAP Platform versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, consider implementing proper input validation to prevent crafted URLs from being processed. As a temporary workaround, restrict access to external URLs from within the application to minimize the risk of exploitation. Avoid using URLs that may redirect users outside the application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.