Vulnerability Description
SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Digital Manufacturing | 1.0 |
| Sap | Plant Connectivity | 15.5 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3301942Permissions Required
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
- https://launchpad.support.sap.com/#/notes/3301942Permissions Required
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
FAQ
What is CVE-2023-2827?
CVE-2023-2827 is a vulnerability with a CVSS score of 7.9 (HIGH). SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent ...
How severe is CVE-2023-2827?
CVE-2023-2827 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-2827?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Digital Manufacturing, Sap Plant Connectivity.