CVE-2023-28761 MEDIUM

CVE-2023-28761: Missing Authentication check in SAP NetWeaver Enterprise Portal

Vendor SAP
Product NetWeaver Enterprise Portal
Weakness CWE-306 · Missing auth
Published April 11, 2023
Last update February 7, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.

Key dates

02 Disclosure timeline

April 11, 2023 CVE published
February 7, 2025 Record updated