PT-2023-3747 · SAP · SAP Plant Connectivity +1
Published: 2023-06-13 · Updated: 2023-06-26 · CVE-2023-2827
CVSS v3.1: 7.9 (High)
Vector: AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP Plant Connectivity version 15.5
Production Connector for SAP Digital Manufacturing version 1.0
Description
The affected components do not validate the signature of the JSON Web Token (JWT) in HTTP requests sent from SAP Digital Manufacturing. This could allow unauthorized callers from the internal network to send service requests, potentially impacting the integrity of the integration with SAP Digital Manufacturing.
Recommendations
For SAP Plant Connectivity version 15.5, update to a version that includes a fix for the issue with JSON Web Token validation.
For Production Connector for SAP Digital Manufacturing version 1.0, update to a version that includes a fix for the issue with JSON Web Token validation.
As a temporary workaround, consider restricting access to the vulnerable components to minimize the risk of exploitation.
Fix
Missing Authentication
Affected Products
Production Connector for SAP Digital Manufacturing
SAP Plant Connectivity