PT-2023-22159 · Sap · Sap Aif

Published

2023-04-11

Updated

2023-04-18

CVE-2023-29111

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP AIF (ODATA service) versions 755, 756

Description The SAP AIF (ODATA service) discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component, causing a low impact on the confidentiality of the application.

Recommendations For versions 755 and 756, consider restricting access to sensitive information to minimize the risk of exploitation until a fix is available. As a temporary workaround, consider disabling the ODATA service until a patch is available. Restrict access to the SAP AIF component to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-29111

Affected Products

Sap Aif

PT-2023-22159 · Sap · Sap Aif

CVE-2023-29111

Weakness Enumeration

Related Identifiers

Affected Products

References · 6