CVE-2023-49578 LOW

CVE-2023-49578: Denial of service (DOS) in SAP Cloud Connector

Vendor Sap_Se
Product SAP Cloud Connector
Weakness CWE-732
Published December 12, 2023
Last update October 9, 2024

CVSS base score

3.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity  of the application.

Key dates

02Disclosure timeline

December 12, 2023 CVE published
October 9, 2024 Record updated