PT-2023-4140 · SAP · SAP NetWeaver Process Integration

Published 2023-07-10 · Updated 2023-07-19 · CVE-2023-35873

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Process Integration version SAP XITOOL 7.50

Description

The issue is related to the lack of authentication for a critical function in the Runtime Workbench (RWB) component of SAP NetWeaver Process Integration. This could allow a remote attacker to impact the confidentiality and availability of protected information. The vulnerability may enable an unauthenticated user to access technical data about the product status and its configuration, but it does not allow access to sensitive information or administrative functionalities. The exploitation of this issue can cause limited impact on the confidentiality and availability of the application.

Recommendations

For version SAP XITOOL 7.50, consider implementing authentication checks for critical functionalities to prevent unauthorized access. As a temporary workaround, restrict access to technical data about the product status and its configuration until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-04449
CVE-2023-35873

Affected Products

SAP NetWeaver Process Integration