CVE-2023-42477 MEDIUM

CVE-2023-42477: Server-Side Request Forgery in SAP NetWeaver AS Java (GRMG Heartbeat application)

Vendor Sap_Se

Product SAP NetWeaver AS Java

Weakness CWE-918 · SSRF

Published October 10, 2023

Last update September 18, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

Description

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.

Key dates

Disclosure timeline

October 10, 2023 CVE published

September 18, 2024 Record updated