CVE-2023-28761 — MEDIUM (6.5)

Vulnerability Description

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Netweaver Enterprise Portal	7.50

Related Weaknesses (CWE)

CWE-306

References

https://launchpad.support.sap.com/#/notes/3289994Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/3289994Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2023-28761?

CVE-2023-28761 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modif...

How severe is CVE-2023-28761?

CVE-2023-28761 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28761?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Enterprise Portal.