CVE-2023-49580
HIGH
7,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: low
Availability: low
Description
AI Translation Available
SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0013
Percentile
0,3th
Updated
EPSS Score Trend (Last 90 Days)
732
Incorrect Permission Assignment for Critical Resource
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Access Control
Integrity
Other
Potential Impacts:
Read Application Data
Read Files Or Directories
Gain Privileges Or Assume Identity
Modify Application Data
Other
Applicable Platforms
Technologies:
Not Technology-Specific, Cloud Computing
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_755:*:*:*:*:java:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_756:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_757:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_758:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_758:*:*:*:*:java:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_755:*:*:*:*:windows:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_757:*:*:*:*:java:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Graphical User Interface by Sap
CPE Identifier
View Detailed Analysis
cpe:2.3:a:sap:graphical_user_interface:sap_basis_756:*:*:*:*:java:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://me.sap.com/notes/3385711
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://me.sap.com/notes/3385711
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html