ID
VAR-202309-1960
CVE
CVE-2023-41367
DESCRIPTION
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.
Trust: 1.0
sources:
NVD: CVE-2023-41367
AFFECTED PRODUCTS
| vendor: | sap | model: | netweaver | scope: | eq | version: | 7.50 | Trust: 1.0 |
sources:
NVD: CVE-2023-41367
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2023-41367 //
NVD: CVE-2023-41367
PROBLEMTYPE DATA
| problemtype: | CWE-306 | Trust: 1.0 |
sources:
NVD: CVE-2023-41367
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-41367 | Trust: 1.0 |
sources:
NVD: CVE-2023-41367
REFERENCES
| url: | https://me.sap.com/notes/3348142 | Trust: 1.0 |
| url: | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Trust: 1.0 |
sources:
NVD: CVE-2023-41367
SOURCES
| db: | NVD | id: | CVE-2023-41367 |
LAST UPDATE DATE
2024-08-14T14:54:30.303000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2023-41367 | date: | 2023-09-13T15:02:11.297 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2023-41367 | date: | 2023-09-12T02:15:12.733 |