PT-2023-31267 · Sap · Sap Basis+2

Published: 2023-12-12 · Updated: 2023-12-15 · CVE-2023-49584

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP Fiori launchpad versions SAP UI 750 through SAP UI 758, UI 700 200, SAP BASIS 793

Description: The issue allows an attacker to use the HTTP verb POST on a read-only service, causing a low impact on the confidentiality of the application. This is related to the use of the HTTP POST verb, which is typically used for creating or updating resources, on a service that is intended to be read-only.

Recommendations: For SAP Fiori launchpad versions SAP UI 750 through SAP UI 758, UI 700 200, SAP BASIS 793, consider restricting access to the read-only service to prevent unauthorized use of the HTTP POST verb until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

CVE-2023-49584

Affected Products

Sap Fiori Launchpad
Sap Basis
Sap Ui