CVE-2023-31405 MEDIUM

CVE-2023-31405: Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Log Viewer)

Weakness CWE-117

Published July 11, 2023

Last update November 8, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

Description

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.

Key dates

Disclosure timeline

July 11, 2023 CVE published

November 8, 2024 Record updated

Identifiers

CVE CVE-2023-31405

CWE CWE-117

CVSS 5.3 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Log Viewer)

Affected ENGINEAPI 7.50

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Log Viewer)

Affected SERVERCORE 7.50

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Log Viewer)

Affected J2EE-APPS 7.50