PT-2023-20653 · Sap · Sap Netweaver Application Server Java
Published
2023-03-14
·
Updated
2023-04-11
·
CVE-2023-26460
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Application Server for Java version 7.50
Description
The Cache Management Service in SAP NetWeaver Application Server for Java does not perform authentication checks for functionalities that require user identity.
Recommendations
For SAP NetWeaver Application Server for Java version 7.50, consider implementing additional authentication checks for functionalities that require user identity as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver Application Server Java