CVE-2023-42480 MEDIUM

CVE-2023-42480: Information Disclosure in NetWeaver AS Java Logon

Vendor Sap_Se

Product NetWeaver AS Java

Weakness CWE-307 · Brute force

Published November 14, 2023

Last update September 3, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.

Key dates

Disclosure timeline

November 14, 2023 CVE published

September 3, 2024 Record updated