CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Published: Dec 12, 2023
Updated: Dec 19, 2023
CVE: CVE-2023-49581
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.4
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWEs:

CWE-200
CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	700	700.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	740	740.x
sap / netweaver_application_server_abap	750	750.x

https://me.sap.com/notes/3392547
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Vulnerability Database

289,697

CVE-2023-49581