PT-2023-27930 · Sap · Sap Netweaver

Published: 2023-09-11 · Updated: 2024-06-06 · CVE-2023-41367

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver (Guided Procedures) version 7.50

Description

The issue is caused by a missing authentication check in the webdynpro application, allowing an unauthorized user to gain access to the admin view of a specific function anonymously. Under specific circumstances, successful exploitation can lead to the attacker being able to view a user's email address. There is no impact on integrity or availability.

Recommendations

For SAP NetWeaver (Guided Procedures) version 7.50, consider implementing an authentication check in the webdynpro application to prevent unauthorized access to the admin view. As a temporary workaround, restrict access to the admin view of the specific function until a proper authentication mechanism is in place.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-41367

Affected Products

Sap Netweaver