PT-2023-21943 · SAP · SAP NetWeaver Enterprise Portal
Published: 2023-04-11 · Updated: 2023-04-14 · CVE-2023-28761
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver Enterprise Portal version 7.50
Description
An unauthenticated attacker can attach to an open interface and make use of an open API to access a service, enabling them to access or modify server settings and data. This leads to limited impact on confidentiality and integrity.
Recommendations
For SAP NetWeaver Enterprise Portal version 7.50, consider restricting access to the open API and interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit access to server settings and data to authorized personnel only.
Fix
Missing Authentication
Weakness Enumeration
Related Identifiers
Affected Products
SAP NetWeaver Enterprise Portal