CVE-2023-49581 MEDIUM

CVE-2023-49581: SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Vendor Sap_Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Weakness CWE-89 · SQLi

Published December 12, 2023

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Key dates

02Disclosure timeline

December 12, 2023 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-49581 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

Identifiers

CVE CVE-2023-49581

CWE CWE-89

CVSS 4.1 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected SAP_BASIS 700

Vendor Sap_Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected SAP_BASIS731

Vendor Sap_Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected SAP_BASIS740

Vendor Sap_Se

Product SAP NetWeaver Application Server ABAP and ABAP Platform

Affected SAP_BASIS750

CVE-2023-49581: SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

01Description

02Disclosure timeline

03References

04Related CVE