PT-2023-4071 · SAP · SAP NetWeaver Process Integration

Published 2023-07-11 · Updated 2023-07-19 · CVE-2023-35872

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Process Integration version SAP XIAF 7.50

Description

The issue is related to the Message Display Tool (MDT) component of SAP NetWeaver Process Integration, which lacks proper authentication checks for certain functionalities. This allows an unauthenticated user to access technical data about the product status and its configuration, potentially causing limited impact on confidentiality and availability of the application. However, it does not allow access to sensitive information or administrative functionalities.

Recommendations

For SAP NetWeaver Process Integration version SAP XIAF 7.50, consider implementing additional authentication checks for the Message Display Tool (MDT) component to prevent unauthorized access to technical data. As a temporary workaround, restrict access to the MDT component to minimize the risk of exploitation.

Fix

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-04369
CVE-2023-35872

Affected Products

SAP NetWeaver Process Integration