CVE-2022-26102
Description
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isnt authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
Risk Information
Base Score
5.4
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.126
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 731 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 700 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver Application Server ABAP 702 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 700 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 731 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 701 | Windows |
| Multiple Vulnerabilities are affected in SAP NetWeaver and ABAP platform (ST-PI) 702 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234