CVE-2023-49580 HIGH

CVE-2023-49580: Information disclosure in SAP GUI for Windows and SAP GUI for Java

Vendor Sap_Se

Product SAP GUI for Windows and SAP GUI for Java

Weakness CWE-732

Published December 12, 2023

Last update September 28, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.

Key dates

Disclosure timeline

December 12, 2023 CVE published

September 28, 2024 Record updated

Identifiers

CVE CVE-2023-49580

CWE CWE-732

CVSS 7.3 / HIGH

Affected versions

Vendor Sap_Se

Product SAP GUI for Windows and SAP GUI for Java

Affected SAP_BASIS 755

Vendor Sap_Se

Product SAP GUI for Windows and SAP GUI for Java

Affected SAP_BASIS 756

Vendor Sap_Se

Product SAP GUI for Windows and SAP GUI for Java

Affected SAP_BASIS 757

Vendor Sap_Se

Product SAP GUI for Windows and SAP GUI for Java

Affected SAP_BASIS 758