CVE-2023-27268

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS Java (Object Analyzing Service) version 7.50

Description The issue allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service. This enables them to access server settings and data without modifying them, resulting in escalation of privileges. The issue does not affect availability.

Recommendations For version 7.50, apply the necessary authorization checks to prevent unauthenticated access to the open interface and naming and directory API. As a temporary workaround, consider restricting access to the open interface and API until a patch is available.