PT-2023-19675 · Sap · Sap Netweaver As Java For Deploy Service

Published: 2023-04-11 · Updated: 2023-04-14 · CVE-2023-24527

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS Java for Deploy Service version 7.5

Description

The issue allows an unauthenticated attacker to access server settings and data without modifying them, as the system does not perform access control checks for certain functionalities that require user identity. This enables the attacker to attach to an open interface and utilize an open naming and directory API to access a service. The attack has no effect on availability and integrity.

Recommendations

For SAP NetWeaver AS Java for Deploy Service version 7.5, consider restricting access to the open interface and the open naming and directory API as a temporary workaround until a patch is available. Additionally, review and implement proper access control checks for functionalities that require user identity to prevent unauthorized access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2023-24527

Affected Products

Sap Netweaver As Java For Deploy Service